debian/patches/pve/0009-PVE-Config-attach-always-use-getent.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
   3 Date: Tue, 13 Aug 2019 13:57:22 +0200
   4 Subject: [PATCH lxc] PVE: [Config] attach: always use getent
   5
   6 In debian buster, some libnss plugins (if installed) can
   7 cause getpwent to segfault instead of erroring out cleanly.
   8 To avoid this, stick to always using getent.
   9
  10 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  11 ---
  12  src/lxc/attach.c | 28 ++--------------------------
  13  1 file changed, 2 insertions(+), 26 deletions(-)
  14
  15 diff --git a/src/lxc/attach.c b/src/lxc/attach.c
  16 index 77da7bb45..9b98d842b 100644
  17 --- a/src/lxc/attach.c
  18 +++ b/src/lxc/attach.c
  19 @@ -1841,12 +1841,8 @@ int lxc_attach_run_command(void *payload)
  20
  21  int lxc_attach_run_shell(void* payload)
  22  {
  23 -       __do_free char *buf = NULL;
  24         uid_t uid;
  25 -       struct passwd pwent;
  26 -       struct passwd *pwentp = NULL;
  27         char *user_shell;
  28 -       ssize_t bufsize;
  29         int ret;
  30
  31         /* Ignore payload parameter. */
  32 @@ -1854,32 +1850,13 @@ int lxc_attach_run_shell(void* payload)
  33
  34         uid = getuid();
  35
  36 -       bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
  37 -       if (bufsize < 0)
  38 -               bufsize = 1024;
  39 -
  40 -       buf = malloc(bufsize);
  41 -       if (buf) {
  42 -               ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
  43 -               if (!pwentp) {
  44 -                       if (ret == 0)
  45 -                               WARN("Could not find matched password record");
  46 -
  47 -                       WARN("Failed to get password record - %u", uid);
  48 -               }
  49 -       }
  50 -
  51         /* This probably happens because of incompatible nss implementations in
  52          * host and container (remember, this code is still using the host's
  53          * glibc but our mount namespace is in the container) we may try to get
  54          * the information by spawning a [getent passwd uid] process and parsing
  55          * the result.
  56          */
  57 -       if (!pwentp)
  58 -               user_shell = lxc_attach_getpwshell(uid);
  59 -       else
  60 -               user_shell = pwent.pw_shell;
  61 -
  62 +       user_shell = lxc_attach_getpwshell(uid);
  63         if (user_shell)
  64                 execlp(user_shell, user_shell, (char *)NULL);
  65
  66 @@ -1889,8 +1866,7 @@ int lxc_attach_run_shell(void* payload)
  67         execlp("/bin/sh", "/bin/sh", (char *)NULL);
  68
  69         SYSERROR("Failed to execute shell");
  70 -       if (!pwentp)
  71 -               free(user_shell);
  72 +       free(user_shell);
  73
  74         return -1;
  75  }