From nobody@FreeBSD.org  Mon Jan 19 15:57:35 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 48A5910656BA
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 19 Jan 2009 15:57:35 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 1BB1C8FC1A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 19 Jan 2009 15:57:35 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n0JFvYJw089926
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 19 Jan 2009 15:57:34 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n0JFvYPq089925;
	Mon, 19 Jan 2009 15:57:34 GMT
	(envelope-from nobody)
Message-Id: <200901191557.n0JFvYPq089925@www.freebsd.org>
Date: Mon, 19 Jan 2009 15:57:34 GMT
From: Andrey Zonov <andrey.zonov@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [libc] nscache.c/nscachedcli.c - return error if string of /etc/group is long
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         130749
>Category:       kern
>Synopsis:       [libc] [patch] nscache.c/nscachedcli.c - return error if string of /etc/group is long
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 19 16:00:09 UTC 2009
>Closed-Date:    
>Last-Modified:  Thu Oct 13 21:27:02 UTC 2011
>Originator:     Andrey Zonov
>Release:        7.1-RELEASE-p2
>Organization:
>Environment:
FreeBSD {sorry,cut}.ru 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #0: Sun Jan 18 16:15:29 MSK 2009     root@{sorry,cut}.ru:/usr/obj/usr/src/sys/FBSD7_AMD64_ULE  amd64
>Description:
nscd return error if string of /etc/group is long and return groups directly from /etc/group, really my problem with NIS long group, but with long group from /etc/group bug as affected.

I thing bug in src/lib/libc/net/nscachedcli.c. safe_read() return rec_error_code=848338984, then try read long group.
>How-To-Repeat:
1. Add in /etc/group:
strangegroup:*:9999:aa,ab,ac,ad,ae,af,ag,ah,ai,aj,ak,al,am,an,ao,ap,aq,ar,as,at,au,av,aw,ax,ay,az,ba,bb,bc,bd,be,bf,bg,bh,bi,bj,bk,bl,bm,bn,bo,bp,bq,br,bs,bt,bu,bv,bw,bx,by,bz,ca,cb,cc,cd,ce,cf,cg,ch,ci,cj,ck,cl,cm,cn,co,cp,cq,cr,cs,ct,cu,cv,cw,cx,cy,cz,da,db,dc,dd,de,df,dg,dh,di,dj,dk,dl,dm,dn,do

2. Edit /etc/nsswitch.conf:
group: cache compat

3. $ getent group | wc -l
     378

4. Run "nscd -t -n -s"

5. And run "getent group"
$ getent group | wc -l
     378
$ getent group | wc -l
     442
$ getent group | wc -l
     442

For local groups this is not critical, but for NIS (and other network management) is critical.

nscd show debug:
M1 from main: request agents registered successfully
M2 from cache: cache was successfully initialized
M2 from runtime environment: using socket /var/run/nscd
M2 from runtime environment: successfully initialized
M1 from main: working in single-threaded mode
E3 from on_mp_read_session_read_response_write1: write failed

>Fix:
Only workaround.

1. For nscd
--- src/lib/libc/net/nscache.c.orig     2009-01-11 22:30:47.000000000 +0300
+++ src/lib/libc/net/nscache.c  2009-01-12 13:23:45.000000000 +0300
@@ -39,7 +39,7 @@
 #define NSS_CACHE_KEY_INITIAL_SIZE     (256)
 #define NSS_CACHE_KEY_SIZE_LIMIT       (NSS_CACHE_KEY_INITIAL_SIZE << 4)
 
-#define NSS_CACHE_BUFFER_INITIAL_SIZE  (1024)
+#define NSS_CACHE_BUFFER_INITIAL_SIZE  (4096)
 #define NSS_CACHE_BUFFER_SIZE_LIMIT    (NSS_CACHE_BUFFER_INITIAL_SIZE << 8)
 
 #define CACHED_SOCKET_PATH             "/var/run/nscd"

2. And for NIS work this patch - http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/96840

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: des 
Responsible-Changed-When: Thu Oct 13 21:27:01 UTC 2011 
Responsible-Changed-Why:  
nscd is mine for now 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130749 
>Unformatted:
