Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)

2013-05-02 Thread Arthur de Jong
On Wed, 2013-05-01 at 23:05 +0100, Steven Chamberlain wrote:
> I noticed (by chance) there is a problem with the squeeze-security
> patch for #690319;  it introduces a regression on kfreebsd and has not
> built. I'm not sure where to find build logs of this, or if they are
> public, but I think it is due to using a non-standard EBADFD errno
> (file descriptor in bad state).

I don't think the security build logs are public (even after the
advisory is released) and I hadn't noticed the build failure before.

> Perhaps EBADF (is not a valid file descriptor / bad file number)
> would be suitable instead and is more portable;  please consider
> attached bug690319-amend-1.diff

This looks like the right approach. The exact value of errno doesn't
make that much of a difference in this case.

I've applied this change upstream and am willing to prepare a
0.7.15+squeeze4 package. I think it's up to the security team to decide
whether this should go to stable or stable-security.

One thing to consider is that I'd also like to fix RC bug #700971 (the
bug report contains the patch that would be applied). People run into
this bug when installing a security update for nss-pam-ldapd.

Thanks for pointing this out,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)

2013-05-01 Thread Steven Chamberlain
Hi,

I noticed (by chance) there is a problem with the squeeze-security patch
for #690319; it introduces a regression on kfreebsd and has not built.
I'm not sure where to find build logs of this, or if they are public,
but I think it is due to using a non-standard EBADFD errno (file
descriptor in bad state).

Perhaps EBADF (is not a valid file descriptor / bad file number)
would be suitable instead and is more portable;  please consider
attached bug690319-amend-1.diff

Alternatively we could #define EBADFD EBADF on platforms that don't have
it;  please see bug690319-amend-2.diff if that is preferred.

Thanks,
Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
--- nss-pam-ldapd-0.7.15+squeeze3/common/tio.c.orig	2013-02-12 21:03:06.0 +
+++ nss-pam-ldapd-0.7.15+squeeze3/common/tio.c	2013-05-01 22:45:22.752734366 +0100
@@ -185,7 +185,7 @@
 /* prepare our filedescriptorset */
 if (fp-fd=FD_SETSIZE)
 {
-  errno=EBADFD;
+  errno=EBADF;
   return -1;
 }
 FD_ZERO(fdset);
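Review bot: the guard at @@ -185 now sets EBADF, which is also the errno a closed or never-opened descriptor produces, so nothing at this site tells a reader that the failure means "descriptor does not fit in the fd_set". The only comment in the hunk is /* prepare our filedescriptorset */; consider adding a comment on the check itself saying that descriptors at or above FD_SETSIZE are rejected because select() cannot handle them, so the choice of errno is documented where it is made.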
@@ -397,7 +397,7 @@
   /* prepare our filedescriptorset */
   if (fp-fd=FD_SETSIZE)
   {
-errno=EBADFD;
+errno=EBADF;
 return -1;
   }
   FD_ZERO(fdset);
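Review bot: the guard at @@ -397 is a copy of the one at @@ -185 (same FD_SETSIZE test, same errno, same return -1), and this patch has to touch both to change one value. Consider moving the check and the fd_set preparation into a single static helper used by both call sites, so a later adjustment cannot be applied to one copy and missed in the other.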
--- nss-pam-ldapd-0.7.15+squeeze3/common/tio.c.orig	2013-02-12 21:03:06.0 +
+++ nss-pam-ldapd-0.7.15+squeeze3/common/tio.c	2013-05-01 22:46:58.205740782 +0100
@@ -42,6 +42,11 @@
 #define ETIME ETIMEDOUT
 #endif /* ETIME */
 
+/* for platforms that don't have EBADFD use EBADF */
+#ifndef EBADFD
+#define EBADFD EBADF
+#endif /* EBADFD */
+
 /* structure that holds a buffer
the buffer contains the data that is between the application and the
file descriptor that is used for efficient transfer
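Review bot: the #define EBADFD EBADF fallback makes the errno returned by the FD_SETSIZE check platform-dependent: EBADFD where the system defines it, EBADF where it does not. Anything that compares errno then behaves differently per platform, and the non-standard name stays in the code. Using EBADF directly at the two call sites, as the other diff does, gives one value everywhere; if the fallback is kept, the comment above the #ifndef should state which value callers can expect.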


Processed: Re: Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)

2013-02-18 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + security
Bug #690319 {Done: Arthur de Jong adej...@debian.org} [nss-pam-ldapd] lookup 
fail to contact nslcd when first 1024 filedescriptor are already used (select)
Added tag(s) security.

-- 
690319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)

2013-02-18 Thread Arthur de Jong
Control: tags -1 + security

It has been determined that this bug has security implications and
CVE-2013-0288 has been assigned to this issue. For more details see the
upstream advisory:

http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288

A Debian security advisory for this issue will be issued shortly and a
0.7.15+squeeze3 release will be made available.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)

2012-10-12 Thread Arthur de Jong
On Fri, 2012-10-12 at 16:04 +0200, Adrien Urban wrote:
> When trying to get the identity, after establishing the connection
> (connect /var/run/nslcd/socket), it uses select to wait on it. If the
> filedescriptor is over 1024, it still uses FD_SET to write outside of
> the fd_set, and calls select with a max at 1024.
>
> The select won't have any fd to check, and will timeout.

Thanks for reporting this and providing the detailed test. I guess the
proper solution is to switch to poll() instead of select(). A smaller
change would be to implement a check to see the FD would fit in the set.

> Example provided with binary id. First noticed it after tracing nginx
> having *a lot* of log files, and crashing less than a minute after
> starting.
>
> Attached files :
>
> bug.c - example of sources used to show the bug
> cli.txt - example usage, and results from previous prog
> trace.log - strace showing the select
> dpkg.txt - list of packages on a box where the trace was generated

trace.log is missing but with bug.c I can reproduce the problem easily.
Thanks.

Btw, I first couldn't reproduce the problem because I had nscd running
(which also may be a good idea in your configuration) so that is at
least a workaround in some cases.

The patches with minimal changes for the 0.7 and 0.8 branches are here:
  http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1782&view=revision
  http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1781&view=revision

With this patch the id command will still fail but it will do so quickly
and memory shouldn't be corrupted. I will work on switching to poll()
instead.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
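
The two fixes discussed in this thread, a bounds check before FD_SET and a switch to poll(), shown side by side as an added example; this is not code from the messages above or from nss-pam-ldapd. All function names are hypothetical, and dup_above_setsize exists only to obtain a descriptor numbered at or above FD_SETSIZE for testing.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* select()-based wait with the guard discussed in the thread: refuse a
   descriptor that does not fit in an fd_set rather than let FD_SET write
   outside it. Returns 1 if readable, 0 on timeout, -1 on error. */
int wait_readable_select(int fd, int timeout_ms) {
  fd_set fdset;
  struct timeval tv;
  if (fd < 0 || fd >= FD_SETSIZE) {
    errno = EBADF; /* portable value; EBADFD does not exist everywhere */
    return -1;
  }
  FD_ZERO(&fdset);
  FD_SET(fd, &fdset);
  tv.tv_sec = timeout_ms / 1000;
  tv.tv_usec = (timeout_ms % 1000) * 1000;
  return select(fd + 1, &fdset, NULL, NULL, &tv);
}

/* poll()-based wait: no fixed-size bitmap, so the descriptor number is not
   limited by FD_SETSIZE. Same return convention as above. */
int wait_readable_poll(int fd, int timeout_ms) {
  struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
  int rc = poll(&pfd, 1, timeout_ms);
  if (rc > 0 && (pfd.revents & POLLNVAL)) {
    errno = EBADF; /* descriptor is not open */
    return -1;
  }
  return rc;
}

/* Hypothetical test helper: duplicate fd onto a number >= FD_SETSIZE, raising
   the soft RLIMIT_NOFILE when the hard limit allows. Returns -1 if it cannot. */
int dup_above_setsize(int fd) {
  struct rlimit rl;
  rlim_t want = (rlim_t)FD_SETSIZE + 16;
  if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
    rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
    (void)setrlimit(RLIMIT_NOFILE, &rl);
  }
  return fcntl(fd, F_DUPFD, FD_SETSIZE);
}
```

Neither wait function retries on EINTR; a caller that installs signal handlers would need to loop on that.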

