Use reentrant versions of getpwnam & getgrnam functions for thread safetytizen_9.0_m2_releasetizen_8.0_m2_releasetizen_7.0_m2_releasesubmit/tizen/20220901.020838accepted/tizen/unified/20220901.125808accepted/tizen/9.0/unified/20241030.234254accepted/tizen/8.0/unified/20231005.095117accepted/tizen/7.0/unified/hotfix/20221116.111029accepted/tizen/7.0/unified/20221110.062134tizen_9.0tizen_7.0_hotfixtizen_7.0accepted/tizen_unifiedaccepted/tizen_9.0_unifiedaccepted/tizen_8.0_unifiedaccepted/tizen_7.0_unified_hotfixaccepted/tizen_7.0_unified

Change-Id: I3b81302f8547d983f99e50da5b1d0e4c84b94106
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>

2 files changed, 77 insertions, 0 deletions

diff --git a/packaging/Use-reentrant-versions-of-getpwnam-getgrnam.patch b/packaging/Use-reentrant-versions-of-getpwnam-getgrnam.patch
new file mode 100644
index 0000000..9713f4c
--- /dev/null
+++ b/packaging/Use-reentrant-versions-of-getpwnam-getgrnam.patch
@@ -0,0 +1,75 @@
+From 22f5e6df48f8ba3f303221d14e47afb712433d4a Mon Sep 17 00:00:00 2001
+From: Karol Lewandowski <k.lewandowsk@samsung.com>
+Date: Mon, 30 May 2022 13:16:56 +0200
+Subject: [PATCH] Use reentrant versions of getpwnam & getgrnam functions for
+ thread safety
+
+Change-Id: I3b81302f8547d983f99e50da5b1d0e4c84b94106
+---
+ lib/decode.c | 31 +++++++++++++++++++++----------
+ 1 file changed, 21 insertions(+), 10 deletions(-)
+
+diff --git a/lib/decode.c b/lib/decode.c
+index c16ea2d..43cd17b 100644
+--- a/lib/decode.c
++++ b/lib/decode.c
+@@ -21,6 +21,10 @@
+ # include <string.h>
+ #endif
+
++/* Hardcoded buffer limit to avoid calling sysconf() where it can not
++ * reliably fail */
++#define GET_PWGR_SIZE_MAX	16384
++
+
+ /* determine full path name */
+ char *
+@@ -42,16 +46,22 @@ th_get_pathname(TAR *t)
+ 	return filename;
+ }
+
+-
+ uid_t
+ th_get_uid(TAR *t)
+ {
+ 	int uid;
+-	struct passwd *pw;
+-
+-	pw = getpwnam(t->th_buf.uname);
+-	if (pw != NULL)
+-		return pw->pw_uid;
++	struct passwd pw, *pwresult = NULL;
++	/* Theoretically this function should use sysconf(_SC_GETPW_R_SIZE_MAX)
++	 * to get buffer size for getpwnam_r() and allocate this size.  Unfortunately,
++	 * this function has not possibility  to return any error, including OOM.
++	 * Due to this we allocate static buffer size to avoid the need to handle
++	 * these kinds of errors.
++	 */
++	char buf[GET_PWGR_SIZE_MAX] = "";
++
++	(void)getpwnam_r(t->th_buf.uname, &pw, buf, sizeof(buf), &pwresult);
++	if (pwresult != NULL)
++		return pwresult->pw_uid;
+
+ 	/* if the password entry doesn't exist */
+ 	sscanf(t->th_buf.uid, "%o", &uid);
+@@ -63,11 +73,12 @@ gid_t
+ th_get_gid(TAR *t)
+ {
+ 	int gid;
+-	struct group *gr;
++	struct group gr, *grresult = NULL;
++	char buf[GET_PWGR_SIZE_MAX] = ""; /* See note in th_get_uid() */
+
+-	gr = getgrnam(t->th_buf.gname);
+-	if (gr != NULL)
+-		return gr->gr_gid;
++	(void)getgrnam_r(t->th_buf.gname, &gr, buf, sizeof(buf), &grresult);
++	if (grresult != NULL)
++		return grresult->gr_gid;
+
+ 	/* if the group entry doesn't exist */
+ 	sscanf(t->th_buf.gid, "%o", &gid);
+--
+2.25.1
+
diff --git a/packaging/libtar.spec b/packaging/libtar.spec
index cb30a08..59a013f 100644
--- a/packaging/libtar.spec
+++ b/packaging/libtar.spec
@@ -9,6 +9,7 @@ License:    NCSA
 
 Group:      Development/ROS
 Source0:    %{name}-%{version}.tar.gz
+Source10:   Use-reentrant-versions-of-getpwnam-getgrnam.patch
 Source1001: %{name}.manifest
 
 # ==========================================================
@@ -32,6 +33,7 @@ Library for manipulating tar files from within C programs(devel)
 
 %prep
 %setup -q
+%{__patch} -p1 < %{SOURCE10}
 cp %{SOURCE1001} .
 
 # ==========================================================