[lxc.git] / debian / patches / pve / 0003-PVE-Config-attach-always-use-getent.patch

From 580f2f5423b975f2d6a19004139788758a34359f Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 13 Aug 2019 13:57:22 +0200
Subject: [PATCH lxc 3/3] PVE: [Config] attach: always use getent

In debian buster, some libnss plugins (if installed) can
cause getpwent to segfault instead of erroring out cleanly.
To avoid this, stick to always using getent.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/lxc/attach.c | 28 ++--------------------------
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 406b8ec74..0a82c0a5d 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1454,12 +1454,8 @@ int lxc_attach_run_command(void *payload)
 
 int lxc_attach_run_shell(void* payload)
 {
-	__do_free char *buf = NULL;
 	uid_t uid;
-	struct passwd pwent;
-	struct passwd *pwentp = NULL;
 	char *user_shell;
-	size_t bufsize;
 	int ret;
 
 	/* Ignore payload parameter. */
@@ -1467,32 +1463,13 @@ int lxc_attach_run_shell(void* payload)
 
 	uid = getuid();
 
-	bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
-	if (bufsize == -1)
-		bufsize = 1024;
-
-	buf = malloc(bufsize);
-	if (buf) {
-		ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
-		if (!pwentp) {
-			if (ret == 0)
-				WARN("Could not find matched password record");
-
-			WARN("Failed to get password record - %u", uid);
-		}
-	}
-
 	/* This probably happens because of incompatible nss implementations in
 	 * host and container (remember, this code is still using the host's
 	 * glibc but our mount namespace is in the container) we may try to get
 	 * the information by spawning a [getent passwd uid] process and parsing
 	 * the result.
 	 */
-	if (!pwentp)
-		user_shell = lxc_attach_getpwshell(uid);
-	else
-		user_shell = pwent.pw_shell;
-
+	user_shell = lxc_attach_getpwshell(uid);
 	if (user_shell)
 		execlp(user_shell, user_shell, (char *)NULL);
 
@@ -1502,8 +1479,7 @@ int lxc_attach_run_shell(void* payload)
 	execlp("/bin/sh", "/bin/sh", (char *)NULL);
 
 	SYSERROR("Failed to execute shell");
-	if (!pwentp)
-		free(user_shell);
+	free(user_shell);
 
 	return -1;
 }
-- 
2.20.1
Commit	Line	Data
8170740b	1	From 580f2f5423b975f2d6a19004139788758a34359f Mon Sep 17 00:00:00 2001
8a25e884 WB	2	From: Wolfgang Bumiller <w.bumiller@proxmox.com>
8a25e884 WB	3	Date: Tue, 13 Aug 2019 13:57:22 +0200
3e9264ba	4	Subject: [PATCH lxc 3/3] PVE: [Config] attach: always use getent
8a25e884 WB	5
	6	In debian buster, some libnss plugins (if installed) can
	7	cause getpwent to segfault instead of erroring out cleanly.
	8	To avoid this, stick to always using getent.
	9
	10	Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
	11	---
0a134a36 WB	12	src/lxc/attach.c \| 28 ++--------------------------
0a134a36 WB	13	1 file changed, 2 insertions(+), 26 deletions(-)
8a25e884 WB	14
8a25e884 WB	15	diff --git a/src/lxc/attach.c b/src/lxc/attach.c
3e9264ba	16	index 406b8ec74..0a82c0a5d 100644
8a25e884 WB	17	--- a/src/lxc/attach.c
8a25e884 WB	18	+++ b/src/lxc/attach.c
3e9264ba	19	@@ -1454,12 +1454,8 @@ int lxc_attach_run_command(void *payload)
0a134a36	20
8a25e884 WB	21	int lxc_attach_run_shell(void* payload)
8a25e884 WB	22	{
0a134a36	23	- __do_free char *buf = NULL;
8a25e884 WB	24	uid_t uid;
	25	- struct passwd pwent;
	26	- struct passwd *pwentp = NULL;
	27	char *user_shell;
8a25e884 WB	28	- size_t bufsize;
	29	int ret;
	30
	31	/* Ignore payload parameter. */
3e9264ba	32	@@ -1467,32 +1463,13 @@ int lxc_attach_run_shell(void* payload)
8a25e884 WB	33
	34	uid = getuid();
	35
	36	- bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
	37	- if (bufsize == -1)
	38	- bufsize = 1024;
	39	-
	40	- buf = malloc(bufsize);
	41	- if (buf) {
	42	- ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
	43	- if (!pwentp) {
	44	- if (ret == 0)
	45	- WARN("Could not find matched password record");
	46	-
	47	- WARN("Failed to get password record - %u", uid);
	48	- }
	49	- }
	50	-
	51	/* This probably happens because of incompatible nss implementations in
	52	* host and container (remember, this code is still using the host's
	53	* glibc but our mount namespace is in the container) we may try to get
	54	* the information by spawning a [getent passwd uid] process and parsing
	55	* the result.
	56	*/
	57	- if (!pwentp)
	58	- user_shell = lxc_attach_getpwshell(uid);
	59	- else
	60	- user_shell = pwent.pw_shell;
	61	-
	62	+ user_shell = lxc_attach_getpwshell(uid);
	63	if (user_shell)
	64	execlp(user_shell, user_shell, (char *)NULL);
	65
3e9264ba	66	@@ -1502,8 +1479,7 @@ int lxc_attach_run_shell(void* payload)
8a25e884 WB	67	execlp("/bin/sh", "/bin/sh", (char *)NULL);
	68
	69	SYSERROR("Failed to execute shell");
	70	- if (!pwentp)
	71	- free(user_shell);
	72	+ free(user_shell);
	73
8a25e884 WB	74	return -1;
	75	}
	76	--
	77	2.20.1
	78