about summary refs log tree commit diff
path: root/math/ftestexcept.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2024-04-25 15:01:07 +0200
committerFlorian Weimer <fweimer@redhat.com>2024-04-25 16:07:52 +0200
commit4d27d4b9a188786fc6a56745506cec2acfc51f83 (patch)
tree48415d6968f44c07e9e46ab9d6cf838983c2e86b /math/ftestexcept.c
parente3eef1b8fbdd3a7917af466ca9c4b7477251ca79 (diff)
downloadglibc-4d27d4b9a188786fc6a56745506cec2acfc51f83.tar.gz
glibc-4d27d4b9a188786fc6a56745506cec2acfc51f83.tar.xz
glibc-4d27d4b9a188786fc6a56745506cec2acfc51f83.zip
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).

Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.

Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
Diffstat (limited to 'math/ftestexcept.c')
0 files changed, 0 insertions, 0 deletions