From patchwork Thu Apr 2 23:49:21 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: DJ Delorie X-Patchwork-Id: 132644 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id C69924BA23DB for ; Thu, 2 Apr 2026 23:50:06 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C69924BA23DB Authentication-Results: sourceware.org; dkim=pass (1024-bit key, unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Ayex7aEq X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTP id 770774BA23C3 for ; Thu, 2 Apr 2026 23:49:33 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 770774BA23C3 Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 770774BA23C3 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1775173773; cv=none; b=RAOV+0KQdNjrJQD/ssT0HI1qi/Gop1EeiqlU7ozMBzIXCqJHjfJ2gNsKhxdrSx+lhQeZIuWNhiT4cFOrs9VL5BRKZssvxvij8+7mNUievmrJZOHEeOcj4GquJsSBxq9Lkv36D/P+4qgknbbGmBW9L29oI8gIIIdgHAXpZSliPPo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1775173773; c=relaxed/simple; bh=L7DHp8aqIBriN8ujLoaeVkIOKTteA0UShxXWxKvcfjs=; h=DKIM-Signature:Date:Message-Id:From:To:Subject; b=sKuDhJ6xwgRXKk9EybZjOPZPGem/oDyYR7QoJnFx5ekuOA/8k30EO7RApRiFGWcQArHE3ZI/mwXgogBJtAhjhT/buJrWhxxQkjTezdfG3L8nhyrNpfPgCtEj7cW9ixkglWJW/S8HGRTjShts8BGhEGxMYiNIOoER1Y7YEVtGNWo= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 770774BA23C3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775173773; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:content-type:content-type; bh=8UqR9wP+5WFtgcfXzJQpUS4ECFeM6Xcy8uNMrTleqjQ=; b=Ayex7aEqN//wSfS/EZ0nMsWBNwm/Coai1XjoJDM3k8QR99lrLAdiAGwCVONE57UERTCS2x 8OWY/kx/HMFly7NSWDFY44PV9Q6XVtsxdqsNFJ997m6Q0VzcIKZKeo7RLX5+8VJ4ezY9QC AWKe1riZwTa3pBy6YJgnnZv39rulMZM= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-317-wo0XgHbJPK27WlgwRP5zQw-1; Thu, 02 Apr 2026 19:49:31 -0400 X-MC-Unique: wo0XgHbJPK27WlgwRP5zQw-1 X-Mimecast-MFC-AGG-ID: wo0XgHbJPK27WlgwRP5zQw_1775173771 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 07D7D1800769 for ; Thu, 2 Apr 2026 23:49:28 +0000 (UTC) Received: from greed.delorie.com (unknown [10.22.88.34]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B7E12180075F for ; Thu, 2 Apr 2026 23:49:27 +0000 (UTC) Received: from greed.delorie.com.redhat.com (localhost [127.0.0.1]) by greed.delorie.com (8.16.1/8.16.1) with ESMTP id 632NnLJD2750529 for ; Thu, 2 Apr 2026 19:49:21 -0400 Date: Thu, 02 Apr 2026 19:49:21 -0400 Message-Id: From: DJ Delorie To: libc-alpha@sourceware.org Subject: [PATCH v1] nss: fix __get_default_domain logic X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: PkebjgYbkCqqpG9CS-buUnFXdwr4oeiK5y59XkYjhEY_1775173771 X-Mimecast-Originator: redhat.com content-type: text/plain; charset="US-ASCII"; x-default=true X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Florian provided the fix, I did the testcase. This bug presents itself by affecting various ldap-related queries behind nss_compat, which makes it very difficult to reproduce in our testsuite, so this test is limited to testing the broken function itself. Since that function isn't exposed directly, I chose to just link that object to the test case and test it directly. nss: fix __get_default_domain logic Fix logic bug in __nss_get_default_domain that prevents proper initialization. Because this function is not exposed, the test case must link against the object directly. Co-authored-by: Florian Weimer diff --git a/nss/Makefile b/nss/Makefile index 1c48bd0876..54389ced0e 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -317,6 +317,7 @@ tests := \ test-netdb \ test-rpcent \ testgrp \ + tst-default-domain \ tst-fgetsgent_r \ tst-getaddrinfo \ tst-getaddrinfo2 \ @@ -515,6 +516,8 @@ endif $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)libnss_files.so $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)libnss_files.so +$(objpfx)tst-default-domain: $(objpfx)nisdomain.os + tst-nss-gai-hv2-canonname-ENV = \ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so diff --git a/nss/nss_compat/nisdomain.c b/nss/nss_compat/nisdomain.c index e7a776b539..e98ad69f44 100644 --- a/nss/nss_compat/nisdomain.c +++ b/nss/nss_compat/nisdomain.c @@ -36,7 +36,7 @@ __nss_get_default_domain (char **outdomain) __libc_lock_lock (domainname_lock); - if (domainname[0] != '\0') + if (domainname[0] == '\0') { if (getdomainname (domainname, MAXDOMAINNAMELEN) < 0) result = errno; diff --git a/nss/tst-default-domain.c b/nss/tst-default-domain.c new file mode 100644 index 0000000000..2fa9153d88 --- /dev/null +++ b/nss/tst-default-domain.c @@ -0,0 +1,123 @@ +/* Basic test of __nss_get_default_domain + Copyright (C) 2026 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +#include "nss_compat/nisdomain.h" + +#include +#include +#include +#include + +char unset_domain[] = "unset_domain"; +char new_domain[] = "new_domain"; + +/* This function checks the __nss_get_default_domain() function in + nss_compat/nssdomain.c. Because this is an internal function to + libnss_compat.so, the Makefile will link that object to this test + case directly. */ + +static int +do_test (void) +{ + char *domain_name; + char buf[1024]; + + /* We need to be in a network namespace so we can change the domain + name without interfering with the host system. */ + support_become_root (); + support_enter_network_namespace (); + if (!support_in_uts_namespace ()) + return EXIT_UNSUPPORTED; + + /* First pass: set an empty domain and make sure it's returned + correctly. This should not be cached. */ + + /* Set the domain name to a known value. */ + TEST_VERIFY (setdomainname ("", 0) == 0); + + /* Make sure it got set. */ + TEST_VERIFY (getdomainname (buf, sizeof(buf)) == 0); + TEST_COMPARE_STRING (buf, ""); + + /* Set this to a known "unknown" value so we can detect if it's not + changed. */ + domain_name = unset_domain; + + /* This is the function we're testing. */ + TEST_VERIFY (__nss_get_default_domain (& domain_name) == 0); + + /* Make sure the correct domain name is returned. */ + TEST_VERIFY (domain_name != NULL); + TEST_COMPARE_STRING (domain_name, ""); + + /* Second pass: set a non-empty domain and make sure it's returned + correctly. This works because the empty domain is not + cached. */ + + /* Set the domain name to a known value. */ + TEST_VERIFY (setdomainname (new_domain, strlen (new_domain)) == 0); + + /* Make sure it got set. */ + TEST_VERIFY (getdomainname (buf, sizeof(buf)) == 0); + TEST_COMPARE_STRING (buf, new_domain); + + /* Set this to a known "unknown" value so we can detect if it's not + changed. */ + domain_name = unset_domain; + + /* This is the function we're testing. */ + TEST_VERIFY (__nss_get_default_domain (& domain_name) == 0); + + /* Make sure the correct domain name is returned. */ + TEST_VERIFY (domain_name != NULL); + TEST_COMPARE_STRING (domain_name, new_domain); + + /* The function caches the name, so check it twice. */ + TEST_VERIFY (__nss_get_default_domain (& domain_name) == 0); + + TEST_VERIFY (domain_name != NULL); + TEST_COMPARE_STRING (domain_name, new_domain); + + /* Third pass: set an empty domain again but expect the cached + value. */ + + /* Set the domain name to a known value. */ + TEST_VERIFY (setdomainname ("", 0) == 0); + + /* Make sure it got set. */ + TEST_VERIFY (getdomainname (buf, sizeof(buf)) == 0); + TEST_COMPARE_STRING (buf, ""); + + /* Set this to a known "unknown" value so we can detect if it's not + changed. */ + domain_name = unset_domain; + + /* This is the function we're testing. */ + TEST_VERIFY (__nss_get_default_domain (& domain_name) == 0); + + TEST_VERIFY (domain_name != NULL); + TEST_COMPARE_STRING (domain_name, new_domain); + + return 0; +} + +#include