Constant buffer size set on max_nss_name_len is not enough to get results from getgrgid_r if there are thousands of members in a group
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
5.5 |
Fix Released
|
High
|
Sergei Glushchenko | |||
5.6 |
Fix Released
|
High
|
Sergei Glushchenko | |||
5.7 |
Fix Released
|
High
|
Sergei Glushchenko |
Bug Description
According to http://
"Function:
intgetgrgid_r(gid_t gid, struct group *result_buf, char *buffer, size_t buflen, struct group **result)
Preliminary: | MT-Safe locale | AS-Unsafe dlopen plugin heap lock | AC-Unsafe corrupt lock fd mem | See POSIX Safety Concepts.
If a group with ID gid is found, the pointer returned in result points to the record which contains the wanted data (i.e., result contains the value result_buf). If no group is found or if an error occurred, the pointer returned in result is a null pointer. The function returns zero or an error code. If the buffer buffer is too small to contain all the needed information, the error codeERANGE is returned and errno is set to ERANGE.
"
However, in group.c, the buffer is set to a constant value regardless of the size of the members in a group:
enum { max_nss_name_len = 10240 };
***
struct groups_iter {
char buf[max_
gid_t groups[
int current_group;
int ngroups;
};
***
struct groups_iter *it;
it= calloc(1, sizeof(struct groups_iter));
***
error= getgrgid_
if (error != 0 || grp_result == NULL)
{
return NULL;
}
To fix, either we could increase max_nss_name_len to a higher value or dynamically increase buffer size until getgrgid_r accepts the buffer.
Changed in percona-pam-for-mysql: | |
status: | New → Confirmed |
Changed in percona-server: | |
status: | New → Triaged |
no longer affects: | percona-pam-for-mysql |
tags: | added: pam |
https:/ /github. com/percona/ percona- server/ pull/816 /github. com/percona/ percona- server/ pull/817 /github. com/percona/ percona- server/ pull/818
https:/
https:/