|
 |
086f82 |
From d92cb9cb3860d7ff1b3ab64b459edf6051f69291 Mon Sep 17 00:00:00 2001
|
|
|
086f82 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
086f82 |
Date: Fri, 4 May 2018 17:00:55 +0200
|
|
|
086f82 |
Subject: [PATCH] NSS: nss_clear_netgroup_hash_table() do not free data
|
|
|
086f82 |
MIME-Version: 1.0
|
|
|
086f82 |
Content-Type: text/plain; charset=UTF-8
|
|
|
086f82 |
Content-Transfer-Encoding: 8bit
|
|
|
086f82 |
|
|
|
086f82 |
nss_clear_netgroup_hash_table() is called during the clearEnumCache SBUS
|
|
|
086f82 |
request, which is e.g. used during 'sss_cache -E', to remove netgroup
|
|
|
086f82 |
data cached in the memory of the NSS responder.
|
|
|
086f82 |
|
|
|
086f82 |
Currently nss_clear_netgroup_hash_table() calls
|
|
|
086f82 |
'sss_ptr_hash_delete_all(nss_ctx->netgrent, true);' which not only
|
|
|
086f82 |
removes all entries in the 'netgerent' hash table but frees them as
|
|
|
086f82 |
well.
|
|
|
086f82 |
|
|
|
086f82 |
The second step is not needed because nss_setnetgrent_set_timeout()
|
|
|
086f82 |
takes care that the data is freed after a timeout. Additionally freeing
|
|
|
086f82 |
the data in nss_clear_netgroup_hash_table() can even do harm when the
|
|
|
086f82 |
request is received by the NSS responder while waiting for the backend
|
|
|
086f82 |
to acquire the netgroup data. Because if the backend is done the NSS
|
|
|
086f82 |
responder tries do use enum_ctx which might have been freed in the
|
|
|
086f82 |
meantime.
|
|
|
086f82 |
|
|
|
086f82 |
Because of this nss_clear_netgroup_hash_table() should only remove the
|
|
|
086f82 |
data from the hash table but not free it.
|
|
|
086f82 |
|
|
|
086f82 |
Related to https://pagure.io/SSSD/sssd/issue/3731
|
|
|
086f82 |
|
|
|
086f82 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
086f82 |
(cherry picked from commit b13cc2d1413a0d5bbe36e06e5ffd87dbf5c0cb9f)
|
|
|
086f82 |
---
|
|
|
086f82 |
src/responder/nss/nsssrv.c | 2 +-
|
|
|
086f82 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
086f82 |
|
|
|
086f82 |
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
|
|
|
086f82 |
index 11d19fd30c86283d537623db12e52caa6cc4dcd3..123a2d73ce93a025c789524fa90b41d9a0afb58b 100644
|
|
|
086f82 |
--- a/src/responder/nss/nsssrv.c
|
|
|
086f82 |
+++ b/src/responder/nss/nsssrv.c
|
|
|
086f82 |
@@ -142,7 +142,7 @@ static int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *da
|
|
|
086f82 |
|
|
|
086f82 |
DEBUG(SSSDBG_TRACE_FUNC, "Invalidating netgroup hash table\n");
|
|
|
086f82 |
|
|
|
086f82 |
- sss_ptr_hash_delete_all(nss_ctx->netgrent, true);
|
|
|
086f82 |
+ sss_ptr_hash_delete_all(nss_ctx->netgrent, false);
|
|
|
086f82 |
|
|
|
086f82 |
return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
|
|
|
086f82 |
}
|
|
|
086f82 |
--
|
|
|
086f82 |
2.17.0
|
|
|
086f82 |
|