(root)/
glibc-2.38/
nscd/
nscd_getserv_r.c
       1  /* Copyright (C) 2007-2023 Free Software Foundation, Inc.
       2     This file is part of the GNU C Library.
       3  
       4     The GNU C Library is free software; you can redistribute it and/or
       5     modify it under the terms of the GNU Lesser General Public
       6     License as published by the Free Software Foundation; either
       7     version 2.1 of the License, or (at your option) any later version.
       8  
       9     The GNU C Library is distributed in the hope that it will be useful,
      10     but WITHOUT ANY WARRANTY; without even the implied warranty of
      11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      12     Lesser General Public License for more details.
      13  
      14     You should have received a copy of the GNU Lesser General Public
      15     License along with the GNU C Library; if not, see
      16     <https://www.gnu.org/licenses/>.  */
      17  
      18  #include <assert.h>
      19  #include <errno.h>
      20  #include <string.h>
      21  #include <not-cancel.h>
      22  #include <_itoa.h>
      23  #include <stdint.h>
      24  
      25  #include "nscd-client.h"
      26  #include "nscd_proto.h"
      27  
      28  
      /* Flag written by nscd_getserv_r in this file: it is set to 1 when the
         nscd socket cannot be opened and when the daemon answers that it does
         not cache this database.  Nothing in this listing reads or clears
         it.  */
      int __nss_not_use_nscd_services;
      30  
      31  
      32  static int nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
      33  			   request_type type, struct servent *resultbuf,
      34  			   char *buf, size_t buflen, struct servent **result);
      35  
      36  
      /* Look up a service by NAME and (possibly NULL) PROTO through nscd.
         This only forwards to nscd_getserv_r as a GETSERVBYNAME request,
         using the string length of NAME as the criterion length.  NAME is
         handed to strlen, so it must not be NULL.  */
      int
      __nscd_getservbyname_r (const char *name, const char *proto,
                              struct servent *result_buf, char *buf, size_t buflen,
                              struct servent **result)
      {
        const size_t namelen = strlen (name);

        return nscd_getserv_r (name, namelen, proto, GETSERVBYNAME, result_buf,
                               buf, buflen, result);
      }
      45  
      46  
      /* Look up a service by PORT and (possibly NULL) PROTO through nscd.
         PORT is rendered as a decimal string, written backwards from the end
         of a local buffer, and that string is used as the lookup criterion
         of a GETSERVBYPORT request.  */
      int
      __nscd_getservbyport_r (int port, const char *proto,
                              struct servent *result_buf, char *buf, size_t buflen,
                              struct servent **result)
      {
        /* NOTE(review): the buffer is sized from sizeof (int).  The type of
           _itoa_word's value parameter is not visible here; if it is an
           unsigned type wider than int, a negative PORT would convert to a
           value with more digits than this buffer holds.  Confirm against
           _itoa.h and the callers' range for PORT.  */
        char portstr[3 * sizeof (int) + 2];
        char *const end = portstr + sizeof (portstr) - 1;

        *end = '\0';
        char *digits = _itoa_word (port, end, 10, 0);

        /* The length passed on excludes the terminating NUL.  */
        return nscd_getserv_r (digits, end - digits, proto,
                               GETSERVBYPORT, result_buf, buf, buflen, result);
      }
      59  
      60  
      61  libc_locked_map_ptr (, __serv_map_handle) attribute_hidden;
      /* Release the structure referenced by __serv_map_handle, if there is
         one.  Only the structure is freed; the memory mapping itself is not
         removed since it is not visible to the malloc handling.  The handle
         is reset to NO_MAPPING before the structure is freed.  */
      void
      __nscd_serv_map_freemem (void)
      {
        void *old = __serv_map_handle.mapped;

        if (old == NO_MAPPING)
          return;

        __serv_map_handle.mapped = NO_MAPPING;
        free (old);
      }
      75  
      76  
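      /* Look up a services entry through nscd.

         CRIT (CRITLEN bytes) is the service name or the decimal port string
         and PROTO may be NULL.  The request key is "CRIT/PROTO" including
         the terminating NUL.  The shared mapping of the "services" database
         is searched first; when no record is found there the request is
         sent to the daemon over a socket.

         On a hit RESULTBUF is filled with pointers into BUF (BUFLEN bytes),
         *RESULT is set to RESULTBUF and 0 is returned.  When the daemon
         reports no matching record, *RESULT is NULL, errno is set to 0 and
         0 is returned.  ERANGE is returned (and stored in errno) when BUF is
         too small, ENOMEM when a temporary allocation fails, and -1 when
         nscd cannot be used or the reply does not pass the consistency
         checks.

         All lengths and counts in serv_resp come either from the shared
         mapping, which the daemon may be rewriting concurrently, or from the
         socket, so they are compared against the record end and BUFLEN
         before the data they describe is used.  */
      static int
      nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
                      request_type type, struct servent *resultbuf,
                      char *buf, size_t buflen, struct servent **result)
      {
        int gc_cycle;
        int nretries = 0;
        size_t alloca_used = 0;

        /* If the mapping is available, try to search there instead of
           communicating with the nscd.  */
        struct mapped_database *mapped;
        mapped = __nscd_get_map_ref (GETFDSERV, "services", &__serv_map_handle,
                                     &gc_cycle);
        size_t protolen = proto == NULL ? 0 : strlen (proto);
        size_t keylen = critlen + 1 + protolen + 1;
        int alloca_key = __libc_use_alloca (keylen);
        char *key;
        if (alloca_key)
          key = alloca_account (keylen, alloca_used);
        else
          {
            key = malloc (keylen);
            /* NOTE(review): this early return does not reach the
               __nscd_drop_map_ref call at the out label; confirm whether
               the reference obtained above has to be released here.  */
            if (key == NULL)
              return -1;
          }
        /* Build the key "CRIT/PROTO" with its terminating NUL.  */
        memcpy (__mempcpy (__mempcpy (key, crit, critlen),
                           "/", 1), proto ?: "", protolen + 1);

       retry:;
        const char *s_name = NULL;
        const char *s_proto = NULL;
        /* Nonzero means aliases_len must not be passed to free: it is
           either alloca memory or a pointer into the mapped database.  */
        int alloca_aliases_len = 0;
        const uint32_t *aliases_len = NULL;
        const char *aliases_list = NULL;
        int retval = -1;
        /* For the socket path there is no record end, so use the highest
           address to make the bounds checks below pass.  */
        const char *recend = (const char *) ~UINTMAX_C (0);
        int sock = -1;
        serv_response_header serv_resp;

        if (mapped != NO_MAPPING)
          {
            struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
                                                          sizeof serv_resp);

            if (found != NULL)
              {
                /* The header is copied out of the mapping; the pointers
                   below are only computed here, not dereferenced.  */
                s_name = (char *) (&found->data[0].servdata + 1);
                serv_resp = found->data[0].servdata;
                s_proto = s_name + serv_resp.s_name_len;
                alloca_aliases_len = 1;
                aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
                aliases_list = ((char *) aliases_len
                                + serv_resp.s_aliases_cnt * sizeof (uint32_t));
                recend = (const char *) found->data + found->recsize;
                /* Now check if we can trust serv_resp fields.  If GC is
                   in progress, it can contain anything.  */
                if (mapped->head->gc_cycle != gc_cycle)
                  {
                    /* -2 marks a result that should be retried.  */
                    retval = -2;
                    goto out;
                  }
                /* The aliases_len array must lie inside the record.  */
                if (__builtin_expect ((const char *) aliases_len
                                      + serv_resp.s_aliases_cnt * sizeof (uint32_t)
                                      > recend, 0))
                  goto out;

                /* The aliases_len array in the mapped database might very
                   well be unaligned.  We will access it word-wise so on
                   platforms which do not tolerate unaligned accesses we
                   need to make an aligned copy.  */
                if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
                    != 0)
                  {
                    uint32_t *tmp;
                    alloca_aliases_len
                      = __libc_use_alloca (alloca_used
                                           + (serv_resp.s_aliases_cnt
                                              * sizeof (uint32_t)));
                    if (alloca_aliases_len)
                      tmp = alloca_account (serv_resp.s_aliases_cnt
                                            * sizeof (uint32_t),
                                            alloca_used);
                    else
                      {
                        tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
                        if (tmp == NULL)
                          {
                            /* aliases_len still points into the mapped
                               database and alloca_aliases_len is 0 at this
                               point, so the cleanup code would hand a
                               pointer that did not come from malloc to
                               free.  Clear it before leaving.  */
                            aliases_len = NULL;
                            retval = ENOMEM;
                            goto out;
                          }
                      }
                    aliases_len = memcpy (tmp, aliases_len,
                                          serv_resp.s_aliases_cnt
                                          * sizeof (uint32_t));
                  }
              }
          }

        /* Nothing usable in the mapping: ask the daemon.  The response
           header is read into serv_resp.  */
        if (s_name == NULL)
          {
            sock = __nscd_open_socket (key, keylen, type, &serv_resp,
                                       sizeof (serv_resp));
            if (sock == -1)
              {
                __nss_not_use_nscd_services = 1;
                goto out;
              }
          }

        /* No value found so far.  */
        *result = NULL;

        if (__glibc_unlikely (serv_resp.found == -1))
          {
            /* The daemon does not cache this database.  */
            __nss_not_use_nscd_services = 1;
            goto out_close;
          }

        if (serv_resp.found == 1)
          {
            char *cp = buf;
            uintptr_t align1;
            uintptr_t align2;
            size_t total_len;
            ssize_t cnt;
            int n;

            /* A first check whether the buffer is sufficiently large is
               possible.  align1 pads BUF so that the s_aliases pointer array
               is aligned for char *; align2 is the padding added after the
               name and protocol strings.  */
            align1 = ((__alignof__ (char *) - ((uintptr_t) cp))
                      & (__alignof__ (char *) - 1));
            align2 = ((__alignof__ (char *) - ((uintptr_t) (cp + align1 + serv_resp.s_name_len
                                                + serv_resp.s_proto_len)))
                      & (__alignof__ (char *) - 1));
            if (buflen < (align1 + serv_resp.s_name_len + serv_resp.s_proto_len
                          + align2
                          + (serv_resp.s_aliases_cnt + 1) * sizeof (char *)))
              {
              no_room:
                __set_errno (ERANGE);
                retval = ERANGE;
                goto out_close;
              }
            cp += align1;

            /* Prepare the result as far as we can.  Layout in BUF: alias
               pointer array, name, protocol, padding, alias strings.  */
            resultbuf->s_aliases = (char **) cp;
            cp += (serv_resp.s_aliases_cnt + 1) * sizeof (char *);

            resultbuf->s_name = cp;
            cp += serv_resp.s_name_len;
            resultbuf->s_proto = cp;
            cp += serv_resp.s_proto_len + align2;
            resultbuf->s_port = serv_resp.s_port;

            if (s_name == NULL)
              {
                /* Socket path: read name and protocol, and the array of
                   alias lengths if there are aliases, in one call.  */
                struct iovec vec[2];

                vec[0].iov_base = resultbuf->s_name;
                vec[0].iov_len = serv_resp.s_name_len + serv_resp.s_proto_len;
                total_len = vec[0].iov_len;
                n = 1;

                if (serv_resp.s_aliases_cnt > 0)
                  {
                    assert (alloca_aliases_len == 0);
                    alloca_aliases_len
                      = __libc_use_alloca (alloca_used
                                           + (serv_resp.s_aliases_cnt
                                              * sizeof (uint32_t)));
                    if (alloca_aliases_len)
                      aliases_len = alloca_account (serv_resp.s_aliases_cnt
                                                    * sizeof (uint32_t),
                                                    alloca_used);
                    else
                      {
                        aliases_len = malloc (serv_resp.s_aliases_cnt
                                              * sizeof (uint32_t));
                        if (aliases_len == NULL)
                          {
                            retval = ENOMEM;
                            goto out_close;
                          }
                      }
                    vec[n].iov_base = (void *) aliases_len;
                    vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t);

                    total_len += serv_resp.s_aliases_cnt * sizeof (uint32_t);
                    ++n;
                  }

                /* A short read is treated as failure.  */
                if ((size_t) __readvall (sock, vec, n) != total_len)
                  goto out_close;
              }
            else
              memcpy (resultbuf->s_name, s_name,
                      serv_resp.s_name_len + serv_resp.s_proto_len);

            /*  Now we also can read the aliases.  The pointers are set up
                from the length array first; the bounds checks follow.  */
            total_len = 0;
            for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
              {
                resultbuf->s_aliases[cnt] = cp;
                cp += aliases_len[cnt];
                total_len += aliases_len[cnt];
              }
            resultbuf->s_aliases[cnt] = NULL;

            /* The alias strings must not extend past the record end.  */
            if (__builtin_expect ((const char *) aliases_list + total_len > recend,
                                  0))
              {
                /* aliases_len array might contain garbage during nscd GC cycle,
                   retry rather than fail in that case.  */
                if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
                  retval = -2;
                goto out_close;
              }

            /* See whether this would exceed the buffer capacity.  */
            if (__glibc_unlikely (cp > buf + buflen))
              {
                /* aliases_len array might contain garbage during nscd GC cycle,
                   retry rather than fail in that case.  */
                if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
                  {
                    retval = -2;
                    goto out_close;
                  }
                goto no_room;
              }

            /* And finally read the aliases.  */
            if (aliases_list == NULL)
              {
                /* NOTE(review): unlike the mapped path below, the strings
                   received over the socket are not checked for NUL
                   termination in this function.  */
                if (total_len == 0
                    || ((size_t) __readall (sock, resultbuf->s_aliases[0], total_len)
                        == total_len))
                  {
                    retval = 0;
                    *result = resultbuf;
                  }
              }
            else
              {
                memcpy (resultbuf->s_aliases[0], aliases_list, total_len);

                /* Try to detect corrupt databases.  Every string copied
                   from the mapping must end in a NUL byte.  */
                if (resultbuf->s_name[serv_resp.s_name_len - 1] != '\0'
                    || resultbuf->s_proto[serv_resp.s_proto_len - 1] != '\0'
                    || ({for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
                           if (resultbuf->s_aliases[cnt][aliases_len[cnt] - 1]
                               != '\0')
                             break;
                         cnt < serv_resp.s_aliases_cnt; }))
                  {
                    /* We cannot use the database.  */
                    if (mapped->head->gc_cycle != gc_cycle)
                      retval = -2;
                    goto out_close;
                  }

                retval = 0;
                *result = resultbuf;
              }
          }
        else
          {
            /* Set errno to 0 to indicate no error, just no found record.  */
            __set_errno (0);
            /* Even though we have not found anything, the result is zero.  */
            retval = 0;
          }

       out_close:
        if (sock != -1)
          __close_nocancel_nostatus (sock);
       out:
        if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
          {
            /* When we come here this means there has been a GC cycle while we
               were looking for the data.  This means the data might have been
               inconsistent.  Retry if possible.  */
            if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
              {
                /* nscd is just running gc now.  Disable using the mapping.  */
                if (atomic_fetch_add_relaxed (&mapped->counter, -1) == 1)
                  __nscd_unmap (mapped);
                mapped = NO_MAPPING;
              }

            if (retval != -1)
              {
                /* Release a heap copy of the length array before the
                   variables are reinitialized at the retry label.  */
                if (!alloca_aliases_len)
                  free ((void *) aliases_len);
                goto retry;
              }
          }

        if (!alloca_aliases_len)
          free ((void *) aliases_len);
        if (!alloca_key)
          free (key);

        return retval;
      }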