Merge pull request #32 from twosigma/release-1.2.1

Release 1.2.1
twosigma · Oct 8, 2021 · 10639ad · 10639ad
2 parents f39f02a + 4f585d1
commit 10639ad
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 7 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "nsncd"
-version = "1.2.0"
+version = "1.2.1"
 authors = [
     "Ben Linsay <[email protected]>",
     "Geoffrey Thomas <[email protected]>",
@@ -20,7 +20,7 @@ slog-async = "^2.7"
 slog-term = "^2.8"
 crossbeam-channel = "^0.5"
 # Hold at 0.21 - 0.22 MSRV is greater than Debian stretch
-nix = "^0.21"
+nix = "^0.21.2"
 num-derive = "^0.3"
 num-traits = "^0.2"
 

diff --git a/ci/libnss_whatami.c b/ci/libnss_whatami.c
@@ -20,11 +20,12 @@
 #include <nss.h>
 #include <pwd.h>
 #include <string.h>
+#include <stdlib.h>
 
 enum nss_status
 _nss_whatami_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen, int *errnop)
 {
-	if (strcmp(name, "whatami") == 0) {
+	if (strcmp(name, "whatami") == 0 || strncmp(name, "am_i_", 5) == 0) {
 		if (buflen < 16) {
 			*errnop = ERANGE;
 			return NSS_STATUS_TRYAGAIN;
@@ -42,3 +43,34 @@ _nss_whatami_getpwnam_r(const char *name, struct passwd *result, char *buffer, s
 		return NSS_STATUS_NOTFOUND;
 	}
 }
+
+enum nss_status
+_nss_whatami_initgroups_dyn(const char *user, gid_t group, long int *start, long int *size, gid_t **groups, long int limit, int *errnop)
+{
+	char buffer[21] = "am_i_";
+	prctl(PR_GET_NAME, buffer + 5);
+	if (strcmp(user, buffer) != 0) {
+		return NSS_STATUS_SUCCESS;
+	}
+
+	if (*size - *start < 20) {
+		if (limit > 0 && *size + 20 > limit) {
+			*errnop = ERANGE;
+			return NSS_STATUS_TRYAGAIN;
+		}
+		gid_t *newgroups = realloc(*groups, (*size + 20) * sizeof(**groups));
+		if (newgroups == NULL) {
+			*errnop = ENOMEM;
+			return NSS_STATUS_TRYAGAIN;
+		}
+		*groups = newgroups;
+		*size += 20;
+	}
+
+	for (int i = 0; i < 20; i++) {
+		(*groups)[*start + i] = 100001 + i;
+	}
+	*start += 20;
+
+	return NSS_STATUS_SUCCESS;
+}
diff --git a/ci/test.sh b/ci/test.sh
@@ -20,6 +20,7 @@ debian/rules vendor
 dpkg-buildpackage --no-sign
 gcc -fPIC -shared -o ci/libnss_whatami.so.2 ci/libnss_whatami.c
 sudo cp ci/libnss_whatami.so.2 /lib
-sudo sed -i 's/passwd:/& whatami/' /etc/nsswitch.conf
+sudo sed -i 's/\(passwd\|group\):/& whatami/' /etc/nsswitch.conf
 sudo dpkg -i ../nsncd*.deb
 getent passwd whatami | grep nsncd
+getent initgroups am_i_nsncd | grep '100001.*100020'
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,11 @@
+nsncd (1.2.1) unstable; urgency=medium
+
+  * Bump nix dependency to 0.21.2 to pick up fix for nix-rust/nix#1541
+    aka RUSTSEC-2021-0119, memory corruption when using initgroups on a
+    user in more than 16 groups.
+
+ -- Geoffrey Thomas <[email protected]>  Thu, 07 Oct 2021 17:30:16 -0400
+
 nsncd (1.2) unstable; urgency=medium
 
   * Add initgroups support.