Constant buffer size set on max_nss_name_len is not enough to get results from getgrgid_r if there are thousands of members in a group

Bug #1608902 reported by Jaime Sicam
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona Server moved to
Status tracked in 5.7
Fix Released
Sergei Glushchenko
Fix Released
Sergei Glushchenko
Fix Released
Sergei Glushchenko

Bug Description

According to :

intgetgrgid_r(gid_t gid, struct group *result_buf, char *buffer, size_t buflen, struct group **result)
Preliminary: | MT-Safe locale | AS-Unsafe dlopen plugin heap lock | AC-Unsafe corrupt lock fd mem | See POSIX Safety Concepts.

If a group with ID gid is found, the pointer returned in result points to the record which contains the wanted data (i.e., result contains the value result_buf). If no group is found or if an error occurred, the pointer returned in result is a null pointer. The function returns zero or an error code. If the buffer buffer is too small to contain all the needed information, the error codeERANGE is returned and errno is set to ERANGE.

However, in group.c, the buffer is set to a constant value regardless of the size of the members in a group:

enum { max_nss_name_len = 10240 };
struct groups_iter {
  char buf[max_nss_name_len];
  gid_t groups[max_number_of_groups];
  int current_group;
  int ngroups;

struct groups_iter *it;

it= calloc(1, sizeof(struct groups_iter));


error= getgrgid_r(it->groups[it->current_group++],
                  &grp, it->buf, max_nss_name_len, &grp_result);
if (error != 0 || grp_result == NULL)
  return NULL;

To fix, either we could increase max_nss_name_len to a higher value or dynamically increase buffer size until getgrgid_r accepts the buffer.

Tags: pam i113561
Jaime Sicam (jssicam)
Changed in percona-pam-for-mysql:
status: New → Confirmed
Changed in percona-server:
status: New → Triaged
no longer affects: percona-pam-for-mysql
tags: added: pam
Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :
Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to:

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.