diff --git a/acl.spec b/acl.spec index 6066dfb14869e556294a239e8ae4e5d918d2b60b..5bf734fc79d122d9592a7280c4e32e19b1e035ca 100644 --- a/acl.spec +++ b/acl.spec @@ -1,6 +1,6 @@ Name: acl Version: 2.3.2 -Release: 2 +Release: 3 Summary: Commands for manipulating POSIX access control lists License: GPL-2.0-or-later AND LGPL-2.1-or-later @@ -9,6 +9,7 @@ Source0: http://download.savannah.nongnu.org/releases/acl/%{name}-%{versio Patch1: backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch Patch2: 0001-Fix-the-failure-of-testcase-restore-test.patch +Patch3: backport-libmisc-__acl_get_uid-fix-memory-wasting-loop-if-use.patch BuildRequires: libattr-devel gawk libtool gettext BuildRequires: chrpath @@ -83,6 +84,9 @@ fi %{_mandir}/man?/* %changelog +* Thu Jun 19 2025 yixiangzhike - 2.3.2-3 +- Backport upstream patch to fix memory wasting + * Mon Jun 9 2025 yixiangzhike - 2.3.2-2 - Fix the failure of testcase restore.test diff --git a/backport-libmisc-__acl_get_uid-fix-memory-wasting-loop-if-use.patch b/backport-libmisc-__acl_get_uid-fix-memory-wasting-loop-if-use.patch new file mode 100644 index 0000000000000000000000000000000000000000..e9eac566616996da75e5642ebc2fe25ee0ee7d41 --- /dev/null +++ b/backport-libmisc-__acl_get_uid-fix-memory-wasting-loop-if-use.patch @@ -0,0 +1,46 @@ +From 56abe432b65801f31277fb9a3bca0f9e31502315 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner +Date: Thu, 25 Apr 2024 12:43:49 +0200 +Subject: [PATCH] libmisc: __acl_get_uid(): fix memory wasting loop if user + does not exist + +I noticed that `acl_from_text()` unexpectedly returns ENOMEM for invalid +user names. The reason for this is a missing break statement in the for +loop in `__acl_get_uid()`, which causes the loop to act as if ERANGE was +returned from `getpwnam_r()`, thereby exponentially increasing the +buffer size to (in my case) multiple gigabytes, until `grow_buffer()` +reports ENOMEM, which terminates the `__acl_get_uid()` function. + +This is a pretty costly "no such user" lookup that can disturb a +process's heap memory management, but can also cause a process to fail +e.g. if it is multithreaded and other threads encounter an ENOMEM, +before `__acl_get_uid()` frees the gigantic heap buffer and returns. +The allocated memory isn't actually used. Therefore on Linux it should +not affect other processes by default, due to its overcommit memory +and lazy memory allocation strategy. + +Fix this by properly terminating the for loop on any conditions except +an ERANGE error being reported. The same break statement correctly +exists in `__acl_get_gid()` already. + +Fixes: 3737f00 ("use thread-safe getpwnam_r and getgrnam_r") +Signed-off-by: Andreas Gruenbacher +--- + libmisc/uid_gid_lookup.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libmisc/uid_gid_lookup.c b/libmisc/uid_gid_lookup.c +index a4f21f6..74baab4 100644 +--- a/libmisc/uid_gid_lookup.c ++++ b/libmisc/uid_gid_lookup.c +@@ -91,6 +91,7 @@ get_uid(const char *token, uid_t *uid_p) + if (err == ERANGE) + continue; + errno = err ? err : EINVAL; ++ break; + } + free(buffer); + return result ? 0 : -1; +-- +2.43.0 +