commit:     4a976778611351073dc919fbe430e0a7089dd5a9
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 19 05:33:00 2026 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Feb 19 19:46:26 2026 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a976778
sys-apps/acl: fix memory use in setfacl Closes: https://bugs.gentoo.org/970228 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> .../{acl-2.3.2-r2.ebuild => acl-2.3.2-r3.ebuild} | 6 ++- sys-apps/acl/files/acl-2.3.2-memory.patch | 49 ++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/sys-apps/acl/acl-2.3.2-r2.ebuild b/sys-apps/acl/acl-2.3.2-r3.ebuild similarity index 92% rename from sys-apps/acl/acl-2.3.2-r2.ebuild rename to sys-apps/acl/acl-2.3.2-r3.ebuild index 00fc58b29247..d760e0734e66 100644 --- a/sys-apps/acl/acl-2.3.2-r2.ebuild +++ b/sys-apps/acl/acl-2.3.2-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -20,6 +20,10 @@ RDEPEND=" DEPEND="${RDEPEND}" BDEPEND="nls? ( sys-devel/gettext )" +PATCHES=( + "${FILESDIR}/acl-2.3.2-memory.patch" +) + src_prepare() { default diff --git a/sys-apps/acl/files/acl-2.3.2-memory.patch b/sys-apps/acl/files/acl-2.3.2-memory.patch new file mode 100644 index 000000000000..5727f3541e62 --- /dev/null +++ b/sys-apps/acl/files/acl-2.3.2-memory.patch 
@@ -0,0 +1,49 @@ +https://bugs.gentoo.org/970228 +https://cgit.git.savannah.nongnu.org/cgit/acl.git/commit/?id=56abe432b65801f31277fb9a3bca0f9e31502315 + +From 56abe432b65801f31277fb9a3bca0f9e31502315 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <[email protected]> +Date: Thu, 25 Apr 2024 12:43:49 +0200 +Subject: libmisc: __acl_get_uid(): fix memory wasting loop if user does not + exist + +I noticed that `acl_from_text()` unexpectedly returns ENOMEM for invalid +user names. The reason for this is a missing break statement in the for +loop in `__acl_get_uid()`, which causes the loop to act as if ERANGE was +returned from `getpwnam_r()`, thereby exponentially increasing the +buffer size to (in my case) multiple gigabytes, until `grow_buffer()` +reports ENOMEM, which terminates the `__acl_get_uid()` function. + +This is a pretty costly "no such user" lookup that can disturb a +process's heap memory management, but can also cause a process to fail +e.g. if it is multithreaded and other threads encounter an ENOMEM, +before `__acl_get_uid()` frees the gigantic heap buffer and returns. +The allocated memory isn't actually used. Therefore on Linux it should +not affect other processes by default, due to its overcommit memory +and lazy memory allocation strategy. + +Fix this by properly terminating the for loop on any conditions except +an ERANGE error being reported. The same break statement correctly +exists in `__acl_get_gid()` already. + +Fixes: 3737f00 ("use thread-safe getpwnam_r and getgrnam_r") +Signed-off-by: Andreas Gruenbacher <[email protected]> +--- + libmisc/uid_gid_lookup.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libmisc/uid_gid_lookup.c b/libmisc/uid_gid_lookup.c +index a4f21f6..74baab4 100644 +--- a/libmisc/uid_gid_lookup.c ++++ b/libmisc/uid_gid_lookup.c +@@ -91,6 +91,7 @@ __acl_get_uid(const char *token, uid_t *uid_p) + if (err == ERANGE) + continue; + errno = err ? err : EINVAL; ++ break; + } + free(buffer); + return result ? 
0 : -1; +-- +cgit v1.2.3 +
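Review bot: The PATCHES=( ... ) addition in acl-2.3.2-r3.ebuild pulls in a change to `__acl_get_uid()` in libmisc/uid_gid_lookup.c, and the upstream message reports the symptom through `acl_from_text()`, so the subject "fix memory use in setfacl" and the file name acl-2.3.2-memory.patch describe the scope more narrowly than the patch itself does. Consider naming `__acl_get_uid()` or the nonexistent-user lookup in the subject so that readers of the log can tell that callers of `acl_from_text()` are covered by the r3 revision too.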
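Review bot: No regression test accompanies the `break` added after `errno = err ? err : EINVAL;` in the `__acl_get_uid()` hunk, and a one-line loop terminator is easy to lose in a later refactor. Suggest a test that passes a nonexistent user name to `acl_from_text()` and checks that it fails with the errno set on that line rather than ENOMEM, with the same case for a nonexistent group name, since the message states that `__acl_get_gid()` depends on the identical break.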
