nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

addinnetgrX may use the heap-allocated buffer, so free the buffer in this function. (cherry picked from commit 745664bd798ec8fd50438605948eea594179fba1)
author: Florian Weimer <fweimer@redhat.com> 2018-08-28 13:19:27 +0200
committer: Carlos O'Donell <carlos@redhat.com> 2018-11-09 10:17:00 -0500
commit: 7d174f53539bfbfa9cdfa41ead605573d3f219eb (patch)
tree: 2183c45cddfeb059c525327c5d6446bef91cc466 /ChangeLog
parent: 53a7e59405cbbbd24c1cf64b0298a9e6212a82e2 (diff)
download: glibc-7d174f53539bfbfa9cdfa41ead605573d3f219eb.tar.gz
glibc-7d174f53539bfbfa9cdfa41ead605573d3f219eb.tar.xz
glibc-7d174f53539bfbfa9cdfa41ead605573d3f219eb.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index e81991066e..79d303e7b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-08-28  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #23520]
+	nscd: Fix use-after-free in addgetnetgrentX and its callers.
+	* nscd/netgroupcache.c
+	(addgetnetgrentX): Add tofreep parameter.  Do not free
+	heap-allocated buffer.
+	(addinnetgrX): Free buffer allocated bt addgetnetgrentX.
+	(addgetnetgrentX_ignore): New function.
+	(addgetnetgrent): Call it.
+	(readdgetnetgrent): Likewise.
+
 2018-08-16  DJ Delorie  <dj@delorie.com>
 
 	* malloc/malloc.c (_int_free): Check for corrupt prev_size vs size.
author	Florian Weimer <fweimer@redhat.com>	2018-08-28 13:19:27 +0200
committer	Carlos O'Donell <carlos@redhat.com>	2018-11-09 10:17:00 -0500
commit	7d174f53539bfbfa9cdfa41ead605573d3f219eb (patch)
tree	2183c45cddfeb059c525327c5d6446bef91cc466 /ChangeLog
parent	53a7e59405cbbbd24c1cf64b0298a9e6212a82e2 (diff)
download	glibc-7d174f53539bfbfa9cdfa41ead605573d3f219eb.tar.gz glibc-7d174f53539bfbfa9cdfa41ead605573d3f219eb.tar.xz glibc-7d174f53539bfbfa9cdfa41ead605573d3f219eb.zip