about summary refs log tree commit diff
path: root/debug/strncat_chk.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2024-04-25 15:01:07 +0200
committerFlorian Weimer <fweimer@redhat.com>2024-04-25 16:10:32 +0200
commit3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (patch)
tree49a82dd67e8d99978eae689b76e4c3306d492f5d /debug/strncat_chk.c
parentbe602180146de37582a3da3a0caa4b719645de9c (diff)
downloadglibc-3ed195a8ec89da281e3c4bf887a13d281b72d8f4.tar.gz
glibc-3ed195a8ec89da281e3c4bf887a13d281b72d8f4.tar.xz
glibc-3ed195a8ec89da281e3c4bf887a13d281b72d8f4.zip
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).

Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.

Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
Diffstat (limited to 'debug/strncat_chk.c')
0 files changed, 0 insertions, 0 deletions