From ggomez@fing.edu.uy  Thu Dec  4 11:47:23 2003
Message-Id: <200312041947.hB4Jl8p1090632@ampere.fing.edu.uy>
Date: Thu, 4 Dec 2003 16:47:08 -0300 (UYT)
From: Gabriel Gomez <ggomez@fing.edu.uy>
Reply-To: Gabriel Gomez <ggomez@fing.edu.uy>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Gabriel Gomez <ggomez@fing.edu.uy>,
	Eduardo Cota <cota@fing.edu.uy>
Subject: libc error when using nis passwd.adjunct
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         59962
>Category:       bin
>Synopsis:       libc error when using nis passwd.adjunct
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    nectar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 04 11:50:15 PST 2003
>Closed-Date:    Mon Jan 12 05:32:05 PST 2004
>Last-Modified:  Mon Jan 12 05:40:12 PST 2004
>Originator:     Gabriel Gomez
>Release:        FreeBSD 5.2-BETA i386
>Organization:
Facultad de Ingenieria - Instituto de Ingenieria Electrica
>Environment:
System: FreeBSD prueba-iie.fing.edu.uy 5.2-BETA FreeBSD 5.2-BETA #0: Tue Nov 25 08:24:08 GMT 2003 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386

>Description:
	When using FreeBSD 5.x as a NIS client and the server is using
	passwd.adjunct, any program which calls getpw* generates a core dump.
	(bug in libc)

>How-To-Repeat:
  	This simple test can be used to generate the core dump.

		#include <sys/types.h>
		#include <stdio.h>
		#include <pwd.h>

		/* UID is supplied at build time: cc -DUID=<uid> (see below). */
		int main ()
		 {
			struct passwd *pw = getpwuid( UID );
			printf( "%s\n", (pw) ? pw->pw_name : "none" );
			return 0;
		 }

	where UID is any user defined in NIS passwd and passwd.adjunct map.

	Also doing a "ls -l FILE" where FILE is owned by a NIS user leads to
	a core dump.

>Fix:

	Patch /usr/src/lib/libc/gen/getpwent.c

diff getpwent.c getpwent.c-1.83.c
1128c1128
<  			rv = nis_adjunct(st->domain, pwd->pw_name,
---
> 			rv = nis_adjunct(st->domain, name,
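Review bot: The two file arguments on the `diff` line look swapped: `<` lines come from the first file (getpwent.c) and `>` lines from the second (getpwent.c-1.83.c), so if the -1.83.c copy is the unmodified revision 1.83, this hunk reads as replacing `pwd->pw_name` with `name`, which would revert the fix when applied as written. Regenerate it as `diff -u getpwent.c-1.83.c getpwent.c` so the direction is unambiguous and the hunk carries context, including the rest of the nis_adjunct() argument list that is cut off after the trailing comma.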


>Release-Note:
>Audit-Trail:

From: rafan@infor.org
To: freebsd-gnats-submit@FreeBSD.org, ggomez@fing.edu.uy
Cc: nectar@freebsd.org, ggomez@fing.edu.uy
Subject: Re: kern/59962: libc error when using nis passwd.adjunct
Date: Mon, 12 Jan 2004 18:12:52 +0800 (CST)

 First, I couldn't make the test program sigsegv on my 5.2-RELEASE/i386 box.
 However, this following program does SIGSEGV on my box,
 
 #include <stdio.h>
 #include <sys/types.h>
 #include <pwd.h>
 
 int
 main(void)
 {
         struct passwd *pw;
 
         while ((pw = getpwent()) != NULL)
                 printf("%s\n", pw->pw_name);
         return 0;
 }
 
 This code segment is like some lines in top(1), so top(1) also
 SIGSEGV. As a notice, if you run this program or top(1) with root
 then you won't have SIGSEGV. My NIS server also supports passwd.adjunct.byname
 map (server is a FreeBSD box).
 
 I've tried the patch original attached, it's ok. If you want to ask me
 to do any test on my box, just tell me. Finally, I do consider this is 
 a serious bug, so please fix it ASAP, thanks.
 
 
Responsible-Changed-From-To: freebsd-bugs->nectar 
Responsible-Changed-By: nectar 
Responsible-Changed-When: Mon Jan 12 05:15:30 PST 2004 
Responsible-Changed-Why:  
I'm fairly certain that this bug is my fault. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=59962 

From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: rafan@infor.org
Cc: freebsd-gnats-submit@FreeBSD.org, ggomez@fing.edu.uy
Subject: Re: kern/59962: libc error when using nis passwd.adjunct
Date: Mon, 12 Jan 2004 07:10:55 -0600

 I hadn't seen this PR previously--- thanks for writing!
 
 On Mon, Jan 12, 2004 at 06:12:52PM +0800, rafan@infor.org wrote:
 > First, I couldn't make the test program sigsegv on my 5.2-RELEASE/i386 box.
 > However, this following program does SIGSEGV on my box,
 >
 > #include <stdio.h>
 > #include <sys/types.h>
 > #include <pwd.h>
 >
 > int
 > main(void)
 > {
 >         struct passwd *pw;
 >
 >         while ((pw = getpwent()) != NULL)
 >                 printf("%s\n", pw->pw_name);
 >         return 0;
 > }
 >
 > This code segment is like some lines in top(1), so top(1) also
 > SIGSEGV. As a notice, if you run this program or top(1) with root
 > then you won't have SIGSEGV. My NIS server also supports passwd.adjunct.byname
 > map (server is a FreeBSD box).
 >
 > I've tried the patch original attached, it's ok. If you want to ask me
 > to do any test on my box, just tell me. Finally, I do consider this is
 > a serious bug, so please fix it ASAP, thanks.
 
 Would you mind emailing to me directly a backtrace?  e.g.
 
   % cc -g pr59962.c
   % gdb ./a.out
   (gdb) run
   (gdb) bt
 
 Meanwhile, I will attempt to reproduce the issue here.
 Cheers,
 --
 Jacques Vidrine   NTT/Verio SME      FreeBSD UNIX       Heimdal
 nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se
State-Changed-From-To: open->closed 
State-Changed-By: nectar 
State-Changed-When: Mon Jan 12 05:30:59 PST 2004 
State-Changed-Why:  
Your patch was committed.  Thank you!! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=59962 

From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Gabriel Gomez <ggomez@fing.edu.uy>
Cc: FreeBSD-gnats-submit@FreeBSD.org, Eduardo Cota <cota@fing.edu.uy>
Subject: Re: kern/59962: libc error when using nis passwd.adjunct
Date: Mon, 12 Jan 2004 07:30:14 -0600

 On Thu, Dec 04, 2003 at 04:47:08PM -0300, Gabriel Gomez wrote:
 > >Description:
 > 	When using FreeBSD 5.x as a NIS client and the server is using
 > 	passwd.adjunct, any program which calls getpw* generates a core dump.
 > 	(bug in libc)
 [...]
 > >Fix:
 >
 > 	Patch /usr/src/lib/libc/gen/getpwent.c
 >
 > diff getpwent.c getpwent.c-1.83.c
 > 1128c1128
 > <  			rv = nis_adjunct(st->domain, pwd->pw_name,
 > ---
 > > 			rv = nis_adjunct(st->domain, name,
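Review bot: At the changed call on line 1128, nothing in the hunk records why `pwd->pw_name` is the right key and `name` is not; add a short comment there saying that `name` is only set for getpwnam() lookups, so the adjunct lookup must use the name from the entry just retrieved. A regression check that exercises getpwuid() and getpwent() against an adjunct-enabled NIS domain would also help, since the two reproducers in this thread cover exactly those paths.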
 
 Good catch.  Although I do not have a NIS server configured with adjunct
 maps to test, I'm quite certain that your fix is correct.  This bug
 would surface whenever doing getpwuid() or getpwent() lookups, since
 `name' is only properly initialized when doing getpwnam() lookups.
 --
 Jacques Vidrine   NTT/Verio SME      FreeBSD UNIX       Heimdal
 nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se
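
The failure mode described in the last reply, as an added model that is not part of this PR or of FreeBSD's libc: one routine serves several lookup kinds, and a parameter that is meaningful for only one of them is used as the key for a second lookup. All names (`lookup`, `adjunct_lookup`, the maps) and the sample data are hypothetical, and a NULL `name` stands in for the uninitialized pointer of the real bug.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data: a passwd-like map and an adjunct map keyed by name. */
struct rec { const char *pw_name; unsigned uid; };
struct adj { const char *key; const char *hash; };
static const struct rec passwd_map[] = { { "alice", 1001 }, { "bob", 1002 } };
static const struct adj adjunct_map[] = { { "alice", "HASH-A" }, { "bob", "HASH-B" } };

enum how { BY_NAME, BY_UID };

/* Hypothetical stand-in for the adjunct lookup: 0 on success, -1 otherwise. */
static int adjunct_lookup(const char *key, const char **hash)
{
	size_t i;

	if (key == NULL)	/* model only: report the bad key, do not dereference it */
		return -1;
	for (i = 0; i < sizeof(adjunct_map) / sizeof(adjunct_map[0]); i++)
		if (strcmp(adjunct_map[i].key, key) == 0) {
			*hash = adjunct_map[i].hash;
			return 0;
		}
	return -1;
}

/*
 * `name` is valid only when how == BY_NAME. With use_fix == 0 the adjunct
 * key is the caller's `name` (the "before" behaviour); with use_fix != 0 it
 * is the name stored in the record that was just found (the "after").
 */
int lookup(enum how how, const char *name, unsigned uid, int use_fix,
    const char **hash)
{
	size_t i;

	for (i = 0; i < sizeof(passwd_map) / sizeof(passwd_map[0]); i++) {
		const struct rec *pwd = &passwd_map[i];
		int hit = (how == BY_NAME) ?
		    strcmp(pwd->pw_name, name) == 0 : pwd->uid == uid;

		if (hit)
			return adjunct_lookup(use_fix ? pwd->pw_name : name, hash);
	}
	return -1;
}
```

By-name lookups succeed in both variants, which is why a defect of this shape can go unnoticed until a by-uid or enumeration path is exercised.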
>Unformatted:
