]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9583c35)
Provide correct buffer length to netgroup queries in nscd (BZ #16695)
authorSiddhesh Poyarekar <siddhesh@redhat.com>
Wed, 12 Mar 2014 11:57:22 +0000 (17:27 +0530)
committerAllan McRae <allan@archlinux.org>
Fri, 5 Sep 2014 12:44:10 +0000 (22:44 +1000)
The buffer to query netgroup entries is allocated sufficient space for
the netgroup entries and the key to be appended at the end, but it
sends in an incorrect available length to the NSS netgroup query
functions, resulting in overflow of the buffer in some special cases.
The fix here is to factor in the key length when sending the available
buffer and buffer length to the query functions.

(cherry picked from commit c44496df2f090a56d3bf75df930592dac6bba46f)

Conflicts:
NEWS

ChangeLog patch | blob | blame | history
NEWS patch | blob | blame | history
nscd/netgroupcache.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index b6185a9861da3735a678a65abd67b6cd372e5a93..d84e14dd851c13bee3957d178b554ab9cf2cc8a4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-12  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+       [BZ #16695]
+       * nscd/netgroupcache.c (addgetnetgrentX): Factor in space for
+       key in the buffer.
+
 2014-06-20  Maciej W. Rozycki  <macro@codesourcery.com>
 
        [BZ #16046]
diff --git a/NEWS b/NEWS
index 3f762d1ffb472d686864e25333ef79d278f8003c..58fe721c752486ed738aa5c40d23cdb4f2e55058 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,8 +9,8 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16882, 16885, 16916, 16932, 16943, 16958,
-  17048, 17069.
+  15946, 16545, 16574, 16623, 16695, 16882, 16885, 16916, 16932, 16943,
+  16958, 17048, 17069.
 
 * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
   copy the path argument.  This allowed programs to cause posix_spawn to
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index be01fe867031ea3d2c3581d80048a4dd553a9dcc..fe7fc750e20a8409f037c4863e903c00f0f0c588 100644 (file)
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
                  {
                    int e;
                    status = getfct.f (&data, buffer + buffilled,
-                                      buflen - buffilled, &e);
+                                      buflen - buffilled - req->key_len, &e);
                    if (status == NSS_STATUS_RETURN
                        || status == NSS_STATUS_NOTFOUND)
                      /* This was either the last one for this group or the
A mirror of the official glibc repository