about summary refs log tree commit diff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-01-27 11:32:44 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-01-27 11:32:44 +0530
commitaf37a8a3496327a6e5617a2c76f17aa1e8db835e (patch)
tree20fcea9ef0d2c17620c801b4c990259565cce399
parent0c00f062dd97e4ebb3244147fc5af962aba53c7e (diff)
downloadglibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.gz
glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.xz
glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.zip
Avoid undefined behaviour in netgroupcache
Using a buffer after it has been reallocated is undefined behaviour,
so get offsets of the triplets in the old buffer before reallocating
it.
-rw-r--r--ChangeLog5
-rw-r--r--nscd/netgroupcache.c16
2 files changed, 16 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 1a23eba66e..a1f549e655 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-01-27  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	* nscd/netgroupcache.c (addgetnetgrentX): Compute offset from
+	the old buffer before realloc.
+
 2014-01-27  Allan McRae  <allan@archlinux.org>
 
 	* po/fr.po: Update French translation from translation project.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 924567c3f3..be01fe8670 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 				if (buflen - req->key_len - bufused < needed)
 				  {
 				    buflen += MAX (buflen, 2 * needed);
+				    /* Save offset in the old buffer.  We don't
+				       bother with the NULL check here since
+				       we'll do that later anyway.  */
+				    size_t nhostdiff = nhost - buffer;
+				    size_t nuserdiff = nuser - buffer;
+				    size_t ndomaindiff = ndomain - buffer;
+
 				    char *newbuf = xrealloc (buffer, buflen);
-				    /* Adjust the pointers in the new
+				    /* Fix up the triplet pointers into the new
 				       buffer.  */
-				    nhost = (nhost ? newbuf + (nhost - buffer)
+				    nhost = (nhost ? newbuf + nhostdiff
 					     : NULL);
-				    nuser = (nuser ? newbuf + (nuser - buffer)
+				    nuser = (nuser ? newbuf + nuserdiff
 					     : NULL);
-				    ndomain = (ndomain
-					       ? newbuf + (ndomain - buffer)
+				    ndomain = (ndomain ? newbuf + ndomaindiff
 					       : NULL);
 				    buffer = newbuf;
 				  }