]>
Commit | Line | Data |
---|---|---|
bb330e25 AF |
1 | commit c44496df2f090a56d3bf75df930592dac6bba46f |
2 | Author: Siddhesh Poyarekar <siddhesh@redhat.com> | |
3 | Date: Wed Mar 12 17:27:22 2014 +0530 | |
4 | ||
5 | Provide correct buffer length to netgroup queries in nscd (BZ #16695) | |
6 | ||
7 | The buffer to query netgroup entries is allocated sufficient space for | |
8 | the netgroup entries and the key to be appended at the end, but it | |
9 | sends in an incorrect available length to the NSS netgroup query | |
10 | functions, resulting in overflow of the buffer in some special cases. | |
11 | The fix here is to factor in the key length when sending the available | |
12 | buffer and buffer length to the query functions. | |
13 | ||
14 | diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c | |
15 | index 426d3c5..5ba1e1f 100644 | |
16 | --- a/nscd/netgroupcache.c | |
17 | +++ b/nscd/netgroupcache.c | |
18 | @@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, | |
19 | { | |
20 | int e; | |
21 | status = getfct.f (&data, buffer + buffilled, | |
22 | - buflen - buffilled, &e); | |
23 | + buflen - buffilled - req->key_len, &e); | |
24 | if (status == NSS_STATUS_RETURN | |
25 | || status == NSS_STATUS_NOTFOUND) | |
26 | /* This was either the last one for this group or the |