Bug#208428: Solution for this bug [PATCH]
On Tue, Oct 07, 2003 at 02:50:21AM +0200, Peter Paluch wrote:
> This bug is caused by a forgotten ERANGE value in the errno variable.
> More precisely, if internal_getgrnam_r() in nis/nss_compat/compat-grp.c
> finds a line in the /etc/group that doesn't fit into current buffer it sets
> the errno to ERANGE in order to tell the wrapper functions that the buffer
> is too small to hold the entire line (see the compat-grp.c at the line 396).
> This value is checked in the nss/getXXbyYY.c file at the line 124, and
> subsequently, the buffer size is increased and the internal_getgrnam_r() is
> called again. This cycle might repeat itself several times until the buffer
> is long enough to hold the entire line.
> However, once the errno has been set to ERANGE, the internal_getgrnam_r()
> won't change it to any other value, nor will it reset it. No matter whether
> the group lookup will be successful or not, the errno will stay initialized
> to ERANGE, and the test in the nss/getXXbyYY.c will loop forever, increasing
> the buffer size along. As a result of this never-ending loop, the memory is
> quickly exhausted.
It looks like this was solved differently upstream. See:
2003-09-03 Ulrich Drepper <email@example.com>
* nss/getXXbyYY_r.c (INTERNAL): Explicitly set errno and avoid
returning ERANGE if this wasn't intended.
and the following checkin. The guts of it are:
+ /* Don't pass back ERANGE if this is not for a too-small buffer. */
+ else if (errno == ERANGE && status != NSS_STATUS_TRYAGAIN)
+ res = EINVAL;
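Review bot: the `else if` on the second added line decides on the global errno, which this hunk does not show being cleared before the lookup, so an ERANGE left behind by an earlier call is rewritten to EINVAL and handed to the caller as a real error. Consider deriving res from status alone in the non-TRYAGAIN cases, or state in the comment why EINVAL is the right code to return. The branch this `else` hangs off is not visible here, so it is also worth confirming that a successful lookup cannot fall into it.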
This bug should be fixed in experimental.
MontaVista Software Debian GNU/Linux Developer
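A small model of the retry loop described in the quoted report, added here as an illustration and not taken from glibc or from either author: `toy_lookup`, `retry_calls`, the `status` enum and the sample group line are constructed names, and the `max_calls` cap stands in for memory exhaustion. It contrasts retrying on a sticky errno with retrying on the lookup's own status.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the NSS_STATUS_* codes. */
enum status { ST_SUCCESS, ST_NOTFOUND, ST_TRYAGAIN };

/* Constructed sample line playing the part of a long /etc/group entry. */
static const char LINE[] = "staff:x:50:alice,bob,carol,dave,erin,frank";

/* Toy lookup: sets errno to ERANGE when the buffer is too small and
   never clears it afterwards, as the report describes. */
static enum status toy_lookup(const char *name, char *buf, size_t len)
{
    size_t n = strlen(name);
    if (len < sizeof LINE) {
        errno = ERANGE;
        return ST_TRYAGAIN;
    }
    memcpy(buf, LINE, sizeof LINE);
    return (strncmp(buf, name, n) == 0 && buf[n] == ':') ? ST_SUCCESS : ST_NOTFOUND;
}

/* Runs the grow-and-retry loop and returns how many lookups were made.
   check_status == 0: retry while errno == ERANGE (the looping behaviour).
   check_status == 1: retry only while the lookup itself asks for it.
   max_calls stands in for running out of memory. */
static int retry_calls(const char *name, int check_status, int max_calls)
{
    char buf[1024];
    size_t len = 8;
    int calls = 0;
    enum status st;

    errno = 0;
    do {
        st = toy_lookup(name, buf, len);
        calls++;
        if (len * 2 <= sizeof buf)
            len *= 2;   /* the loop in the report keeps growing instead */
    } while (calls < max_calls && (check_status ? st == ST_TRYAGAIN : errno == ERANGE));
    return calls;
}

int main(void)
{
    printf("errno-only test: %d calls\n", retry_calls("staff", 0, 100));
    printf("status test:     %d calls\n", retry_calls("staff", 1, 100));
    return 0;
}
```

With the errno-only test the loop stops only at the cap, whether or not the group exists; with the status test it stops on the first call whose buffer fits the line.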