summary refs log tree commit diff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-03-12 17:27:22 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-03-12 17:28:13 +0530
commitc44496df2f090a56d3bf75df930592dac6bba46f (patch)
tree8524bc2814c863852dd3622840acc42cb9861326
parent27c7220a483bda576533aa9a0a9b42175644b1a1 (diff)
downloadglibc-c44496df2f090a56d3bf75df930592dac6bba46f.tar.gz
glibc-c44496df2f090a56d3bf75df930592dac6bba46f.tar.xz
glibc-c44496df2f090a56d3bf75df930592dac6bba46f.zip
Provide correct buffer length to netgroup queries in nscd (BZ #16695)
The buffer to query netgroup entries is allocated sufficient space for
the netgroup entries and the key to be appended at the end, but it
sends in an incorrect available length to the NSS netgroup query
functions, resulting in overflow of the buffer in some special cases.
The fix here is to factor in the key length when sending the available
buffer and buffer length to the query functions.
-rw-r--r--ChangeLog6
-rw-r--r--NEWS2
-rw-r--r--nscd/netgroupcache.c2
3 files changed, 8 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 21bd6210fb..ef301d8c37 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-12  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16695]
+	* nscd/netgroupcache.c (addgetnetgrentX): Factor in space for
+	key in the buffer.
+
 2014-03-12  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
 
 	* sysdeps/powerpc/powerpc64/multiarch/strspn.c (strspn): Build IFUNC
diff --git a/NEWS b/NEWS
index 51ccb27f5f..483eff1131 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,7 @@ Version 2.20
 * The following bugs are resolved with this release:
 
   15347, 15804, 15894, 16447, 16532, 16545, 16574, 16600, 16609, 16610,
-  16611, 16613, 16623, 16632, 16639, 16670, 16674, 16677, 16683.
+  16611, 16613, 16623, 16632, 16639, 16670, 16674, 16677, 16683, 16695.
 
 * The am33 port, which had not worked for several years, has been removed
   from ports.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 426d3c5e39..5ba1e1f277 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 		  {
 		    int e;
 		    status = getfct.f (&data, buffer + buffilled,
-				       buflen - buffilled, &e);
+				       buflen - buffilled - req->key_len, &e);
 		    if (status == NSS_STATUS_RETURN
 			|| status == NSS_STATUS_NOTFOUND)
 		      /* This was either the last one for this group or the