Debian Patches

Status for acl/2.3.2-2

Patch Description Author Forwarded Bugs Origin Last update
0001-libmisc-__acl_get_uid-fix-memory-wasting-loop-if-use.patch [PATCH acl] libmisc: __acl_get_uid(): fix memory wasting loop if user does not exist

I noticed that `acl_from_text()` unexpectedly returns ENOMEM for invalid
user names. The reason for this is a missing break statement in the for
loop in `__acl_get_uid()`, which causes the loop to act as if ERANGE was
returned from `getpwnam_r()`, thereby exponentially increasing the
buffer size to (in my case) multiple gigabytes, until `grow_buffer()`
reports ENOMEM, which terminates the `__acl_get_uid()` function.

This is a pretty costly "no such user" lookup that can disturb a
process's heap memory management, but can also cause a process to fail
e.g. if it is multithreaded and other threads encounter an ENOMEM,
before `__acl_get_uid()` frees the gigantic heap buffer and returns.
The allocated memory isn't actually used. Therefore on Linux it should
not affect other processes by default, due to its overcommit memory
and lazy memory allocation strategy.

Fix this by properly terminating the for loop on any conditions except
an ERANGE error being reported. The same break statement correctly
exists in `__acl_get_gid()` already.
Matthias Gerstner <matthias.gerstner@suse.de> not-needed upstream, commit56abe432b65801f31277fb9a3bca0f9e31502315 2024-04-25
getfacl-fix-uninitialized-variable.patch Fix usage of uninitialized variable. Vasily Gurevich <vas.gurevich@gmail.com> invalid debian 2020-03-01

All known versions for source package 'acl'

Links