Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)
On Wed, 2013-05-01 at 23:05 +0100, Steven Chamberlain wrote:
> I noticed (by chance) there is a problem with the squeeze-security patch for #690319; it introduces a regression on kfreebsd and has not built. I'm not sure where to find build logs of this, or if they are public, but I think it is due to using a non-standard EBADFD errno (file descriptor in bad state).

I don't think the security build logs are public (even after the advisory is released) and I hadn't noticed the build failure before.

> Perhaps EBADF (is not a valid file descriptor / bad file number) would be suitable instead and is more portable; please consider attached bug690319-amend-1.diff

This looks like the right approach. The exact value of errno doesn't make that much of a difference in this case.

I've applied this change upstream and am willing to prepare a 0.7.15+squeeze4 package. I think it's up to the security team to decide whether this should go to stable or stable-security.

One thing to consider is that I'd also like to fix RC bug #700971 (the bug report contains the patch that would be applied). People run into this bug when installing a security update for nss-pam-ldapd.

Thanks for pointing this out,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)
Hi, I noticed (by chance) there is a problem with the squeeze-security patch for #690319; it introduces a regression on kfreebsd and has not built. I'm not sure where to find build logs of this, or if they are public, but I think it is due to using a non-standard EBADFD errno (file descriptor in bad state). Perhaps EBADF (is not a valid file descriptor / bad file number) would be suitable instead and is more portable; please consider attached bug690319-amend-1.diff Alternatively we could #define EBADFD EBADF on platforms that don't have it; please see bug690319-amend-2.diff if that is preferred. Thanks, Regards, -- Steven Chamberlain ste...@pyro.eu.org --- nss-pam-ldapd-0.7.15+squeeze3/common/tio.c.orig 2013-02-12 21:03:06.0 + +++ nss-pam-ldapd-0.7.15+squeeze3/common/tio.c 2013-05-01 22:45:22.752734366 +0100 @@ -185,7 +185,7 @@ /* prepare our filedescriptorset */ if (fp-fd=FD_SETSIZE) { - errno=EBADFD; + errno=EBADF; return -1; } FD_ZERO(fdset); @@ -397,7 +397,7 @@ /* prepare our filedescriptorset */ if (fp-fd=FD_SETSIZE) { -errno=EBADFD; +errno=EBADF; return -1; } FD_ZERO(fdset); --- nss-pam-ldapd-0.7.15+squeeze3/common/tio.c.orig 2013-02-12 21:03:06.0 + +++ nss-pam-ldapd-0.7.15+squeeze3/common/tio.c 2013-05-01 22:46:58.205740782 +0100 @@ -42,6 +42,11 @@ #define ETIME ETIMEDOUT #endif /* ETIME */ +/* for platforms that don't have EBADFD use EBADF */ +#ifndef EBADFD +#define EBADFD EBADF +#endif /* EBADFD */ + /* structure that holds a buffer the buffer contains the data that is between the application and the file descriptor that is used for efficient transfer
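Review bot: in bug690319-amend-1.diff, both hunks (at -185 and -397) set errno=EBADF for a descriptor that is open but does not fit in the fd_set, which a caller cannot tell apart from a closed or invalid descriptor. A short comment at each check stating that EBADF here means the descriptor is at or above FD_SETSIZE would keep that distinction visible. The check and errno assignment are duplicated in the two places; a small shared helper would keep them in sync.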
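Review bot: in bug690319-amend-2.diff, the #ifndef EBADFD fallback at -42 makes the reported errno differ by platform: EBADFD where it is defined and EBADF elsewhere. Anything that inspects errno after the failed call then has to accept both values; setting EBADF unconditionally, as amend-1 does, gives the same behaviour on every platform. If the fallback is kept, its comment could say that the value is only used when the descriptor is at or above FD_SETSIZE.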
Processed: Re: Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)
Processing control commands: tags -1 + security Bug #690319 {Done: Arthur de Jong adej...@debian.org} [nss-pam-ldapd] lookup fail to contact nslcd when first 1024 filedescriptor are already used (select) Added tag(s) security. -- 690319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)
Control: tags -1 + security

It has been determined that this bug has security implications and CVE-2013-0288 has been assigned to this issue.

For more details see the upstream advisory: http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288

A Debian security advisory for this issue will be issued shortly and a 0.7.15+squeeze3 release will be made available.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
Bug#690319: lookup fail to contact nslcd when first 1024 filedescriptor are already used (select)
On Fri, 2012-10-12 at 16:04 +0200, Adrien Urban wrote:
> When trying to get the identity, after establishing the connection (connect /var/run/nslcd/socket), it uses select to wait on it. If the filedescriptor is over 1024, it still uses FD_SET to write outside of the fd_set, and calls select with a max at 1024. The select won't have any fd to check, and will timeout.

Thanks for reporting this and providing the detailed test. I guess the proper solution is to switch to poll() instead of select(). A smaller change would be to implement a check to see the FD would fit in the set.

> Example provided with binary id. First noticed it after tracing nginx having *a lot* of log files, and crashing less than a minute after starting.
>
> Attached files:
> bug.c - example of sources used to show the bug
> cli.txt - example usage, and results from previous prog
> trace.log - strace showing the select
> dpkg.txt - list of packages on a box where the trace was generated

trace.log is missing but with bug.c I can reproduce the problem easily. Thanks. Btw, I first couldn't reproduce the problem because I had nscd running (which also may be a good idea in your configuration) so that is at least a workaround in some cases.

The patches with minimal changes for the 0.7 and 0.8 branches are here:
http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1782&view=revision
http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1781&view=revision

With this patch the id command will still fail but it will do so quickly and memory shouldn't be corrupted. I will work on switching to poll() instead.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
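The two remedies discussed in this thread, side by side, as an added example that is not code from nss-pam-ldapd or from any of the posters: a select() wait that rejects a descriptor at or above FD_SETSIZE, and a poll() wait that has no such limit. The function names and the pipe-based scenario are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() wait with the guard discussed in the thread: a descriptor that
   does not fit in fd_set is rejected before FD_SET() can write past it. */
int wait_readable_select(int fd, int timeout_ms)
{
  fd_set fdset;
  struct timeval tv = { .tv_sec = timeout_ms / 1000, .tv_usec = (timeout_ms % 1000) * 1000 };
  if (fd < 0 || fd >= FD_SETSIZE) {
    errno = EBADF; /* portable value, as in bug690319-amend-1.diff */
    return -1;
  }
  FD_ZERO(&fdset);
  FD_SET(fd, &fdset);
  return select(fd + 1, &fdset, NULL, NULL, &tv);
}

/* poll() wait: no bitmap, so the descriptor number is not limited. */
int wait_readable_poll(int fd, int timeout_ms)
{
  struct pollfd p = { .fd = fd, .events = POLLIN };
  return poll(&p, 1, timeout_ms);
}

/* Constructed scenario: a ready pipe read end duplicated to >= FD_SETSIZE. */
int make_high_ready_fd(void)
{
  int pfd[2];
  struct rlimit rl;
  if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
    rl.rlim_cur = rl.rlim_max; /* raise the soft limit as far as allowed */
    setrlimit(RLIMIT_NOFILE, &rl);
  }
  if (pipe(pfd) != 0 || write(pfd[1], "x", 1) != 1) return -1;
  return fcntl(pfd[0], F_DUPFD, FD_SETSIZE); /* -1 if limits forbid it */
}

int main(void)
{
  int fd = make_high_ready_fd();
  printf("fd=%d select=%d ", fd, wait_readable_select(fd, 100));
  printf("poll=%d\n", wait_readable_poll(fd, 100));
  return fd < 0;
}
```

With a descriptor at or above FD_SETSIZE the guarded select() path fails immediately with EBADF, while the poll() path reports the pending byte.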