From 8027fdc430e1fbf94278adca0b58711d93fc4272 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <andersk@mit.edu>
Date: Fri, 23 Oct 2009 16:02:59 -0400
Subject: [PATCH] Check that a nonlocal lookup by id returns the right id.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
---
 nonlocal-group.c  | 5 +++++
 nonlocal-passwd.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/nonlocal-group.c b/nonlocal-group.c
index 074fc4e..6c3173a 100644
--- a/nonlocal-group.c
+++ b/nonlocal-group.c
@@ -391,6 +391,11 @@ _nss_nonlocal_getgrgid_r(gid_t gid, struct group *grp,
     if (status != NSS_STATUS_SUCCESS)
 	return status;
 
+    if (gid != grp->gr_gid) {
+	syslog(LOG_ERR, "nss_nonlocal: discarding gid %d from lookup for gid %d\n", grp->gr_gid, gid);
+	return NSS_STATUS_NOTFOUND;
+    }
+
     return check_nonlocal_group(grp->gr_name, grp, errnop);
 }
 
diff --git a/nonlocal-passwd.c b/nonlocal-passwd.c
index 0d71fe3..00763ed 100644
--- a/nonlocal-passwd.c
+++ b/nonlocal-passwd.c
@@ -399,6 +399,11 @@ _nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd,
     if (status != NSS_STATUS_SUCCESS)
 	return status;
 
+    if (uid != pwd->pw_uid) {
+	syslog(LOG_ERR, "nss_nonlocal: discarding uid %d from lookup for uid %d\n", pwd->pw_uid, uid);
+	return NSS_STATUS_NOTFOUND;
+    }
+
     status = check_nonlocal_passwd(pwd->pw_name, pwd, errnop);
     if (status != NSS_STATUS_SUCCESS)
 	return status;
-- 
2.44.0