debian/patches/pve/0010-PVE-Config-attach-always-use-getent.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
   3 Date: Tue, 13 Aug 2019 13:57:22 +0200
   4 Subject: [PATCH] PVE: [Config] attach: always use getent
   5
   6 In debian buster, some libnss plugins (if installed) can
   7 cause getpwent to segfault instead of erroring out cleanly.
   8 To avoid this, stick to always using getent.
   9
  10 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  11 ---
  12  src/lxc/attach.c | 29 ++---------------------------
  13  1 file changed, 2 insertions(+), 27 deletions(-)
  14
  15 diff --git a/src/lxc/attach.c b/src/lxc/attach.c
  16 index 117e3778f..8b34a412e 100644
  17 --- a/src/lxc/attach.c
  18 +++ b/src/lxc/attach.c
  19 @@ -1548,11 +1548,7 @@ int lxc_attach_run_command(void *payload)
  20  int lxc_attach_run_shell(void* payload)
  21  {
  22         uid_t uid;
  23 -       struct passwd pwent;
  24 -       struct passwd *pwentp = NULL;
  25         char *user_shell;
  26 -       char *buf;
  27 -       size_t bufsize;
  28         int ret;
  29
  30         /* Ignore payload parameter. */
  31 @@ -1560,32 +1556,13 @@ int lxc_attach_run_shell(void* payload)
  32
  33         uid = getuid();
  34
  35 -       bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
  36 -       if (bufsize == -1)
  37 -               bufsize = 1024;
  38 -
  39 -       buf = malloc(bufsize);
  40 -       if (buf) {
  41 -               ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
  42 -               if (!pwentp) {
  43 -                       if (ret == 0)
  44 -                               WARN("Could not find matched password record");
  45 -
  46 -                       WARN("Failed to get password record - %u", uid);
  47 -               }
  48 -       }
  49 -
  50         /* This probably happens because of incompatible nss implementations in
  51          * host and container (remember, this code is still using the host's
  52          * glibc but our mount namespace is in the container) we may try to get
  53          * the information by spawning a [getent passwd uid] process and parsing
  54          * the result.
  55          */
  56 -       if (!pwentp)
  57 -               user_shell = lxc_attach_getpwshell(uid);
  58 -       else
  59 -               user_shell = pwent.pw_shell;
  60 -
  61 +       user_shell = lxc_attach_getpwshell(uid);
  62         if (user_shell)
  63                 execlp(user_shell, user_shell, (char *)NULL);
  64
  65 @@ -1595,9 +1572,7 @@ int lxc_attach_run_shell(void* payload)
  66         execlp("/bin/sh", "/bin/sh", (char *)NULL);
  67
  68         SYSERROR("Failed to execute shell");
  69 -       if (!pwentp)
  70 -               free(user_shell);
  71 +       free(user_shell);
  72
  73 -       free(buf);
  74         return -1;
  75  }
  76 --
  77 2.20.1
  78