Updated to fedora-glibc-20050721T0814

5 files changed, 95 insertions, 47 deletions

diff --git a/nscd/Makefile b/nscd/Makefile
index 2ebd90b989..5a2d29a0a5 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -84,10 +84,13 @@ CFLAGS-nscd_gethst_r.c = -fexceptions
 CFLAGS-nscd_getai.c = -fexceptions
 CFLAGS-nscd_initgroups.c = -fexceptions
 
-nscd-cflags = -DIS_IN_nscd=1
+nscd-cflags = -DIS_IN_nscd=1 -D_FORTIFY_SOURCE=2
 ifeq (yesyes,$(have-fpie)$(build-shared))
 nscd-cflags += -fpie
 endif
+ifeq (yes,$(have-ssp))
+nscd-cflags += -fstack-protector
+endif
 
 CFLAGS-nscd.c += $(nscd-cflags)
 CFLAGS-connections.c += $(nscd-cflags)
diff --git a/nscd/connections.c b/nscd/connections.c
index 0ca7585f14..d18851f828 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -393,20 +393,23 @@ cannot create read-only descriptor for \"%s\"; no mmap"),
 		if (offset % ps != 0)
 		  {
 		    towrite = MIN (remaining, ps - (offset % ps));
-		    pwrite (fd, tmpbuf, towrite, offset);
+		    if (pwrite (fd, tmpbuf, towrite, offset) != towrite)
+		      goto write_fail;
 		    offset += towrite;
 		    remaining -= towrite;
 		  }
 
 		while (remaining > ps)
 		  {
-		    pwrite (fd, tmpbuf, ps, offset);
+		    if (pwrite (fd, tmpbuf, ps, offset) == -1)
+		      goto write_fail;
 		    offset += ps;
 		    remaining -= ps;
 		  }
 
-		if (remaining > 0)
-		  pwrite (fd, tmpbuf, remaining, offset);
+		if (remaining > 0
+		    && pwrite (fd, tmpbuf, remaining, offset) != remaining)
+		  goto write_fail;
 
 		/* Create the header of the file.  */
 		struct database_pers_head head =
@@ -426,6 +429,7 @@ cannot create read-only descriptor for \"%s\"; no mmap"),
 		    || (mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
 				    MAP_SHARED, fd, 0)) == MAP_FAILED)
 		  {
+		  write_fail:
 		    unlink (dbs[cnt].db_filename);
 		    dbg_log (_("cannot write to database file %s: %s"),
 			     dbs[cnt].db_filename, strerror (errno));
@@ -604,9 +608,14 @@ send_ro_fd (struct database_dyn *db, char *key, int fd)
   iov[0].iov_len = strlen (key) + 1;
 
   /* Prepare the control message to transfer the descriptor.  */
-  char buf[CMSG_SPACE (sizeof (int))];
+  union
+  {
+    struct cmsghdr hdr;
+    char bytes[CMSG_SPACE (sizeof (int))];
+  } buf;
   struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
-			.msg_control = buf, .msg_controllen = sizeof (buf) };
+			.msg_control = buf.bytes,
+			.msg_controllen = sizeof (buf) };
   struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
 
   cmsg->cmsg_level = SOL_SOCKET;
@@ -960,7 +969,9 @@ cannot change to old working directory: %s; disabling paranoia mode"),
       setuid (server_uid);
       setgid (server_gid);
     }
-  chdir ("/");
+  if (chdir ("/") != 0)
+    dbg_log (_("cannot change current working directory to \"/\": %s"),
+	     strerror (errno));
   paranoia = 0;
 }
 
diff --git a/nscd/grpcache.c b/nscd/grpcache.c
index 5d327f360c..c938554b25 100644
--- a/nscd/grpcache.c
+++ b/nscd/grpcache.c
@@ -167,7 +167,7 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req,
       char *gr_name;
       char *cp;
       const size_t key_len = strlen (key);
-      const size_t buf_len = 3 + sizeof (grp->gr_gid) + key_len + 1;
+      const size_t buf_len = 3 * sizeof (grp->gr_gid) + key_len + 1;
       char *buf = alloca (buf_len);
       ssize_t n;
       size_t cnt;
diff --git a/nscd/nscd.c b/nscd/nscd.c
index e6921c2ceb..4d14f06ecf 100644
--- a/nscd/nscd.c
+++ b/nscd/nscd.c
@@ -243,7 +243,9 @@ main (int argc, char **argv)
 
       setsid ();
 
-      chdir ("/");
+      if (chdir ("/") != 0)
+	error (EXIT_FAILURE, errno,
+	       _("cannot change current working cirectory to \"/\""));
 
       openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
 
diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c
index c99cb430aa..65e78a1174 100644
--- a/nscd/nscd_helper.c
+++ b/nscd/nscd_helper.c
@@ -26,6 +26,7 @@
 #include <sys/poll.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/time.h>
 #include <sys/uio.h>
 #include <sys/un.h>
 #include <not-cancel.h>
@@ -135,6 +136,36 @@ __nscd_unmap (struct mapped_database *mapped)
 }
 
 
+static int
+wait_on_socket (int sock)
+{
+  struct pollfd fds[1];
+  fds[0].fd = sock;
+  fds[0].events = POLLIN | POLLERR | POLLHUP;
+  int n = __poll (fds, 1, 5 * 1000);
+  if (n == -1 && __builtin_expect (errno == EINTR, 0))
+    {
+      /* Handle the case where the poll() call is interrupted by a
+	 signal.  We cannot just use TEMP_FAILURE_RETRY since it might
+	 lead to infinite loops.  */
+      struct timeval now;
+      (void) __gettimeofday (&now, NULL);
+      long int end = (now.tv_sec + 5) * 1000 + (now.tv_usec + 500) / 1000;
+      while (1)
+	{
+	  long int timeout = end - (now.tv_sec * 1000
+				    + (now.tv_usec + 500) / 1000);
+	  n = __poll (fds, 1, timeout);
+	  if (n != -1 || errno != EINTR)
+	    break;
+	  (void) __gettimeofday (&now, NULL);
+	}
+    }
+
+  return n;
+}
+
+
 /* Try to get a file descriptor for the shared meory segment
    containing the database.  */
 static struct mapped_database *
@@ -166,8 +197,8 @@ get_mapping (request_type type, const char *key,
   iov[1].iov_base = (void *) key;
   iov[1].iov_len = keylen;
 
-  if (TEMP_FAILURE_RETRY (__writev (sock, iov, 2))
-      != iov[0].iov_len + iov[1].iov_len)
+  if (__builtin_expect (TEMP_FAILURE_RETRY (__writev (sock, iov, 2))
+			!= iov[0].iov_len + iov[1].iov_len, 0))
     /* We cannot even write the request.  */
     goto out_close2;
 
@@ -176,73 +207,80 @@ get_mapping (request_type type, const char *key,
   iov[0].iov_base = resdata;
   iov[0].iov_len = keylen;
 
-  char buf[CMSG_SPACE (sizeof (int))];
+  union
+  {
+    struct cmsghdr hdr;
+    char bytes[CMSG_SPACE (sizeof (int))];
+  } buf;
   struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
-			.msg_control = buf, .msg_controllen = sizeof (buf) };
+			.msg_control = buf.bytes,
+			.msg_controllen = sizeof (buf) };
   struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
 
   cmsg->cmsg_level = SOL_SOCKET;
   cmsg->cmsg_type = SCM_RIGHTS;
   cmsg->cmsg_len = CMSG_LEN (sizeof (int));
 
+  /* This access is well-aligned since BUF is correctly aligned for an
+     int and CMSG_DATA preserves this alignment.  */
   *(int *) CMSG_DATA (cmsg) = -1;
 
   msg.msg_controllen = cmsg->cmsg_len;
 
-  struct pollfd fds[1];
-  fds[0].fd = sock;
-  fds[0].events = POLLIN | POLLERR | POLLHUP;
-  if (__poll (fds, 1, 5 * 1000) <= 0)
-    /* Failure or timeout.  */
+  if (wait_on_socket (sock) <= 0)
     goto out_close2;
 
 #ifndef MSG_NOSIGNAL
 # define MSG_NOSIGNAL 0
 #endif
-  if (TEMP_FAILURE_RETRY (__recvmsg (sock, &msg, MSG_NOSIGNAL)) != keylen)
+  if (__builtin_expect (TEMP_FAILURE_RETRY (__recvmsg (sock, &msg,
+						       MSG_NOSIGNAL))
+			!= keylen, 0))
     goto out_close2;
 
   mapfd = *(int *) CMSG_DATA (cmsg);
 
-  if (CMSG_FIRSTHDR (&msg)->cmsg_len != CMSG_LEN (sizeof (int)))
+  if (__builtin_expect (CMSG_FIRSTHDR (&msg)->cmsg_len
+			!= CMSG_LEN (sizeof (int)), 0))
     goto out_close;
 
   struct stat64 st;
-  if (strcmp (resdata, key) != 0
-      || fstat64 (mapfd, &st) != 0
-      || st.st_size < sizeof (struct database_pers_head))
+  if (__builtin_expect (strcmp (resdata, key) != 0, 0)
+      || __builtin_expect (fstat64 (mapfd, &st) != 0, 0)
+      || __builtin_expect (st.st_size < sizeof (struct database_pers_head), 0))
     goto out_close;
 
   struct database_pers_head head;
-  if (TEMP_FAILURE_RETRY (__pread (mapfd, &head, sizeof (head), 0))
-      != sizeof (head))
+  if (__builtin_expect (TEMP_FAILURE_RETRY (__pread (mapfd, &head,
+						     sizeof (head), 0))
+			!= sizeof (head), 0))
     goto out_close;
 
-  if (head.version != DB_VERSION || head.header_size != sizeof (head)
+  if (__builtin_expect (head.version != DB_VERSION, 0)
+      || __builtin_expect (head.header_size != sizeof (head), 0)
       /* This really should not happen but who knows, maybe the update
 	 thread got stuck.  */
-      || (! head.nscd_certainly_running
-	  && head.timestamp + MAPPING_TIMEOUT < time (NULL)))
+      || __builtin_expect (! head.nscd_certainly_running
+			   && head.timestamp + MAPPING_TIMEOUT < time (NULL),
+			   0))
     goto out_close;
 
   size_t size = (sizeof (head) + roundup (head.module * sizeof (ref_t), ALIGN)
 		 + head.data_size);
 
-  if (st.st_size < size)
+  if (__builtin_expect (st.st_size < size, 0))
     goto out_close;
 
   /* The file is large enough, map it now.  */
   void *mapping = __mmap (NULL, size, PROT_READ, MAP_SHARED, mapfd, 0);
-  if (mapping != MAP_FAILED)
+  if (__builtin_expect (mapping != MAP_FAILED, 1))
     {
       /* Allocate a record for the mapping.  */
-      struct mapped_database *newp;
-
-      newp = malloc (sizeof (*newp));
+      struct mapped_database *newp = malloc (sizeof (*newp));
       if (newp == NULL)
 	{
 	  /* Ugh, after all we went through the memory allocation failed.  */
-	  __munmap (result, size);
+	  __munmap (mapping, size);
 	  goto out_close;
 	}
 
@@ -372,19 +410,13 @@ __nscd_open_socket (const char *key, size_t keylen, request_type type,
       vec[1].iov_len = keylen;
 
       ssize_t nbytes = TEMP_FAILURE_RETRY (__writev (sock, vec, 2));
-      if (nbytes == (ssize_t) (sizeof (request_header) + keylen))
-	{
+      if (nbytes == (ssize_t) (sizeof (request_header) + keylen)
 	  /* Wait for data.  */
-	  struct pollfd fds[1];
-	  fds[0].fd = sock;
-	  fds[0].events = POLLIN | POLLERR | POLLHUP;
-	  if (__poll (fds, 1, 5 * 1000) > 0)
-	    {
-	      nbytes = TEMP_FAILURE_RETRY (__read (sock, response,
-						   responselen));
-	      if (nbytes == (ssize_t) responselen)
-		return sock;
-	    }
+	  && wait_on_socket (sock) > 0)
+	{
+	  nbytes = TEMP_FAILURE_RETRY (__read (sock, response, responselen));
+	  if (nbytes == (ssize_t) responselen)
+	    return sock;
 	}
 
       close_not_cancel_no_status (sock);