Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:13:53 +02:00 · 2018-05-14 09:13:53 +02:00 · 1511bcd8b2
parent 3ad9e211eb
commit 1511bcd8b2
2 changed files with 55 additions and 0 deletions
--- a/0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
+++ b/0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
@ -0,0 +1,52 @@
+From b96c60f55789527b1f9232ddae03e5c7566bf578 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 4 May 2018 17:00:55 +0200
+Subject: [PATCH] NSS: nss_clear_netgroup_hash_table() do not free data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+nss_clear_netgroup_hash_table() is called during the clearEnumCache SBUS
+request, which is e.g. used during 'sss_cache -E', to remove netgroup
+data cached in the memory of the NSS responder.
+
+Currently nss_clear_netgroup_hash_table() calls
+'sss_ptr_hash_delete_all(nss_ctx->netgrent, true);' which not only
+removes all entries in the 'netgerent' hash table but frees them as
+well.
+
+The second step is not needed because nss_setnetgrent_set_timeout()
+takes care that the data is freed after a timeout. Additionally freeing
+the data in nss_clear_netgroup_hash_table() can even do harm when the
+request is received by the NSS responder while waiting for the backend
+to acquire the netgroup data. Because if the backend is done the NSS
+responder tries do use enum_ctx which might have been freed in the
+meantime.
+
+Because of this nss_clear_netgroup_hash_table() should only remove the
+data from the hash table but not free it.
+
+Related to https://pagure.io/SSSD/sssd/issue/3731
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit b13cc2d1413a0d5bbe36e06e5ffd87dbf5c0cb9f)
+---
+ src/responder/nss/nsssrv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 171c2a5ca..004e6c1a1 100644
+--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
+@@ -142,7 +142,7 @@ static int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *da
+ 
+     DEBUG(SSSDBG_TRACE_FUNC, "Invalidating netgroup hash table\n");
+ 
+-    sss_ptr_hash_delete_all(nss_ctx->netgrent, true);
+    sss_ptr_hash_delete_all(nss_ctx->netgrent, false);
+ 
+     return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
+ }
+-- 
+2.17.0
+
--- a/sssd.spec
+++ b/sssd.spec
@ -102,6 +102,7 @@ Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
 Patch0058: 0058-SYSDB-Only-check-non-POSIX-groups-for-GID-conflicts.patch
 Patch0059: 0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch
 Patch0060: 0060-CACHE_REQ-Do-not-fail-the-domain-locator-plugin-if-I.patch
+Patch0061: 0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch

 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
 Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@ -1318,6 +1319,8 @@ fi
                            causing memory growth of the sssd_be process
 - Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a
                            first domain does not reach the second domain
+- Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove
+                            entries from the hash table, do not free them

 * Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
 - Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa