projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| bb330e25 AF |
1 | commit c44496df2f090a56d3bf75df930592dac6bba46f |
| 2 | Author: Siddhesh Poyarekar <siddhesh@redhat.com> | |
| 3 | Date: Wed Mar 12 17:27:22 2014 +0530 | |
| 4 | ||
| 5 | Provide correct buffer length to netgroup queries in nscd (BZ #16695) | |
| 6 | ||
| 7 | The buffer to query netgroup entries is allocated sufficient space for | |
| 8 | the netgroup entries and the key to be appended at the end, but it | |
| 9 | sends in an incorrect available length to the NSS netgroup query | |
| 10 | functions, resulting in overflow of the buffer in some special cases. | |
| 11 | The fix here is to factor in the key length when sending the available | |
| 12 | buffer and buffer length to the query functions. | |
| 13 | ||
| 14 | diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c | |
| 15 | index 426d3c5..5ba1e1f 100644 | |
| 16 | --- a/nscd/netgroupcache.c | |
| 17 | +++ b/nscd/netgroupcache.c | |
| 18 | @@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, | |
| 19 | { | |
| 20 | int e; | |
| 21 | status = getfct.f (&data, buffer + buffilled, | |
| 22 | - buflen - buffilled, &e); | |
| 23 | + buflen - buffilled - req->key_len, &e); | |
| 24 | if (status == NSS_STATUS_RETURN | |
| 25 | || status == NSS_STATUS_NOTFOUND) | |
| 26 | /* This was either the last one for this group or the |