Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This commit is contained in:
Fabiano Fidêncio
parent
3ad9e211eb
commit
1511bcd8b2
@ -0,0 +1,52 @@
|
||||
From b96c60f55789527b1f9232ddae03e5c7566bf578 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 4 May 2018 17:00:55 +0200
|
||||
Subject: [PATCH] NSS: nss_clear_netgroup_hash_table() do not free data
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
nss_clear_netgroup_hash_table() is called during the clearEnumCache SBUS
|
||||
request, which is e.g. used during 'sss_cache -E', to remove netgroup
|
||||
data cached in the memory of the NSS responder.
|
||||
|
||||
Currently nss_clear_netgroup_hash_table() calls
|
||||
'sss_ptr_hash_delete_all(nss_ctx->netgrent, true);' which not only
|
||||
removes all entries in the 'netgerent' hash table but frees them as
|
||||
well.
|
||||
|
||||
The second step is not needed because nss_setnetgrent_set_timeout()
|
||||
takes care that the data is freed after a timeout. Additionally freeing
|
||||
the data in nss_clear_netgroup_hash_table() can even do harm when the
|
||||
request is received by the NSS responder while waiting for the backend
|
||||
to acquire the netgroup data. Because if the backend is done the NSS
|
||||
responder tries do use enum_ctx which might have been freed in the
|
||||
meantime.
|
||||
|
||||
Because of this nss_clear_netgroup_hash_table() should only remove the
|
||||
data from the hash table but not free it.
|
||||
|
||||
Related to https://pagure.io/SSSD/sssd/issue/3731
|
||||
|
||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||
(cherry picked from commit b13cc2d1413a0d5bbe36e06e5ffd87dbf5c0cb9f)
|
||||
---
|
||||
src/responder/nss/nsssrv.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
|
||||
index 171c2a5ca..004e6c1a1 100644
|
||||
--- a/src/responder/nss/nsssrv.c
|
||||
+++ b/src/responder/nss/nsssrv.c
|
||||
@@ -142,7 +142,7 @@ static int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *da
|
||||
|
||||
DEBUG(SSSDBG_TRACE_FUNC, "Invalidating netgroup hash table\n");
|
||||
|
||||
- sss_ptr_hash_delete_all(nss_ctx->netgrent, true);
|
||||
+ sss_ptr_hash_delete_all(nss_ctx->netgrent, false);
|
||||
|
||||
return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
|
||||
}
|
||||
--
|
||||
2.17.0
|
||||
|
||||
@ -102,6 +102,7 @@ Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
|
||||
Patch0058: 0058-SYSDB-Only-check-non-POSIX-groups-for-GID-conflicts.patch
|
||||
Patch0059: 0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch
|
||||
Patch0060: 0060-CACHE_REQ-Do-not-fail-the-domain-locator-plugin-if-I.patch
|
||||
Patch0061: 0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
|
||||
|
||||
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
|
||||
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
|
||||
@ -1318,6 +1319,8 @@ fi
|
||||
causing memory growth of the sssd_be process
|
||||
- Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a
|
||||
first domain does not reach the second domain
|
||||
- Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove
|
||||
entries from the hash table, do not free them
|
||||
|
||||
* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
|
||||
- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
|
||||
|
||||
Loading…
Reference in New Issue
Block a user