From: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Fri, 24 Jan 2014 08:21:15 +0000 (+0530)
Subject: Adjust pointers to triplets in netgroup query data (BZ #16474)
X-Git-Tag: glibc-2.19~91
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d41dadf31bc8a2f9c34c40d52a442d3794e405c;p=thirdparty%2Fglibc.git

Adjust pointers to triplets in netgroup query data (BZ #16474)

The _nss_*_getnetgrent_r query populates the netgroup results in the
allocated buffer and then sets the result triplet to point to strings
in the buffer.  This is a problem when the buffer is reallocated since
the pointers to the triplet strings are no longer valid.  The pointers
need to be adjusted so that they now point to strings in the
reallocated buffer.
---

diff --git a/ChangeLog b/ChangeLog
index 0f4453ec7fa..1d19695a17a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-01-24  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16474]
+	* nscd/netgroupcache.c (addgetnetgrentX): Adjust triplet
+	string pointers after reallocation.
+
 2014-01-24  Kaz Kojima  <kkojima@rr.iij4u.or.jp>
 
 	* sysdeps/unix/sysv/linux/sh/sys/ucontext.h: Use __SH4__ and
diff --git a/NEWS b/NEWS
index f4f22a8f3e5..5601403ee8e 100644
--- a/NEWS
+++ b/NEWS
@@ -25,7 +25,7 @@ Version 2.19
   16151, 16153, 16167, 16169, 16172, 16195, 16214, 16245, 16271, 16274,
   16283, 16289, 16293, 16314, 16316, 16330, 16337, 16338, 16356, 16365,
   16366, 16369, 16372, 16375, 16379, 16384, 16385, 16386, 16387, 16390,
-  16394, 16400, 16407, 16408, 16414, 16430, 16431, 16453.
+  16394, 16400, 16407, 16408, 16414, 16430, 16431, 16453, 16474.
 
 * Slovenian translations for glibc messages have been contributed by the
   Translation Project's Slovenian team of translators.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 58234b14923..924567c3f3a 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,7 +241,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 				if (buflen - req->key_len - bufused < needed)
 				  {
 				    buflen += MAX (buflen, 2 * needed);
-				    buffer = xrealloc (buffer, buflen);
+				    char *newbuf = xrealloc (buffer, buflen);
+				    /* Adjust the pointers in the new
+				       buffer.  */
+				    nhost = (nhost ? newbuf + (nhost - buffer)
+					     : NULL);
+				    nuser = (nuser ? newbuf + (nuser - buffer)
+					     : NULL);
+				    ndomain = (ndomain
+					       ? newbuf + (ndomain - buffer)
+					       : NULL);
+				    buffer = newbuf;
 				  }
 
 				nhost = memcpy (buffer + bufused,