1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
The systemd System and Service Manager
Go to file
Michael Catanzaro 47fd7fa6c6 nss-systemd: ensure returned strings point into provided buffer
Jamie Bainbridge found an issue where glib's g_get_user_database_entry()
may crash after doing:

```
error = getpwnam_r (logname, &pwd, buffer, bufsize, &pw);
// ...
pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]);
```

in order to uppercase the first letter of the user's real name. This is
a glib bug, because there is a different codepath that gets the pwd from
vanilla getpwnam instead of getpwnam_r as shown here. When the pwd
struct is returned by getpwnam, its fields point to static data owned by
glibc/NSS, and so it must not be modified by the caller. After much
debugging, Jamie Bainbridge has fixed this in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244
by making a copy of the data before modifying it, and that resolves all
problems for glib. Yay!

However, glib is crashing even when getpwnam_r is used instead of
getpwnam! According to getpwnam_r(3), the strings in the pwd struct are
supposed to be pointers into the buffer passed by the caller, so glib
should be able to safely edit it directly in this case, so long as it
doesn't try to increase the size of any of the strings.

Problem is various functions throughout nss-systemd.c return synthesized
records declared at the top of the file. These records are returned
directly and so contain pointers to static strings owned by
libsystemd-nss. systemd must instead copy all the strings into the
provided buffer.

This crash is reproducible if nss-systemd is listed first on the passwd
line in /etc/nsswitch.conf, and the application looks up one of the
synthesized user accounts "root" or "nobody", and finally the
application attempts to edit one of the strings in the returned struct.
All our synthesized records for the other struct types have the same
problem, so this commit fixes them all at once.

Fixes #20679
2021-09-09 15:07:57 -05:00
.github ci: Add openSUSE Tumbleweed among tested distros 2021-08-04 11:16:48 +02:00
.lgtm/cpp-queries lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC] 2019-04-10 20:03:38 +02:00
.semaphore ci: drop py2 lxml, pull in jinja2 2021-05-19 10:25:26 +09:00
catalog units: added factory-reset.target 2021-08-10 17:08:00 +02:00
coccinelle coccinelle: filter out a couple of 'false-positive' transformations 2021-03-18 11:59:53 +01:00
docs docs: polish the text about Portable Services a bit 2021-09-08 12:59:08 +02:00
factory/etc pam: fix typo try_authtok → use_authtok 2021-05-12 12:14:17 +02:00
hwdb.d Merge pull request #20527 from systemd/wip/hadess/usb-analysers-uaccess 2021-09-06 21:06:40 +02:00
man systemd-analyze: add new option to generate JSON output of security analysis table 2021-09-06 19:55:27 +01:00
mkosi.default.d tree-wide: fix typo 2021-09-05 09:09:13 +02:00
modprobe.d meson: install the right README file in modprobe.d 2021-07-07 14:52:05 +02:00
network network: add 80-container-vb.network 2021-09-04 08:15:34 +09:00
po po: Translated using Weblate (Finnish) 2021-09-01 05:17:52 +09:00
presets boot: optionally update sd-boot on boot 2021-07-30 17:19:55 +02:00
rules.d udev: Import hwdb matches for USB devices 2021-09-01 15:49:34 +02:00
shell-completion systemd-analyze: add new option to generate JSON output of security analysis table 2021-09-06 19:55:27 +01:00
src nss-systemd: ensure returned strings point into provided buffer 2021-09-09 15:07:57 -05:00
sysctl.d meson: use a/b instead of join_paths(a,b) 2021-07-27 19:32:35 +02:00
sysusers.d meson: allow "soft-static" allocations for uids and gids in the initrd 2021-06-17 09:48:28 +02:00
test test: rename dracut_install to image_install 2021-09-08 22:41:20 +09:00
tmpfiles.d tmpfiles.d: remove .Test-unix, it's obsolete 2021-08-31 10:57:37 +02:00
tools git-contrib: copypaste-friendly output 2021-07-19 15:39:26 +09:00
units homed: add missing capabilities for SMB/CIFS backend 2021-08-31 10:51:42 +02:00
xorg scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.clang-format clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros 2020-11-16 16:57:51 +09:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add man configuration 2020-05-26 15:37:05 +02:00
.gitattributes udev: Extract RAM properties from DMI information 2020-12-16 18:32:29 +01:00
.gitignore gitignore: only ignore *local*.conf" under mkosi.default.d/ 2021-09-03 13:15:52 +02:00
.lgtm.yml ci: bump meson version in LGTM 2021-07-28 11:26:10 +02:00
.mailmap mailmap: two more names 2021-03-30 13:17:58 +02:00
.packit.yml ci: add ppc64le Rawhide chroot to the Packit chroot set 2021-07-19 12:16:36 +01:00
.vimrc scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
meson_options.txt sd-boot: Draw custom edit cursor 2021-08-17 13:59:13 +02:00
meson.build meson.build: change operator combining bools from + to and 2021-09-04 09:09:32 +09:00
mkosi.build mkosi: make mkosi.build shellcheck-clean 2021-09-03 09:54:43 +02:00
NEWS NEWS: net.ipv4.tcp_ecn = 1 was reverted at v240 2021-08-25 09:08:23 +01:00
README README: add requirements for RestrictNetworkInterfaces= 2021-08-19 07:25:01 -05:00
README.md docs: add ARCHITECTURE.md with code map 2021-06-03 22:14:19 +02:00
TODO update TODO 2021-08-31 17:11:10 +02:00

Systemd

System and Service Manager

Count of open issues over time Count of open pull requests over time Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Language Grade: C/C++
CentOS CI - CentOS 7
CentOS CI - Arch
CentOS CI - Arch (sanitizers)
Fossies codespell report
Packaging status

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.