From cfe1fc1013d0e7e4863c974fa0e78891cc0a2ed2 Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Fri, 15 May 2009 21:17:08 -0700 Subject: Robustify libc-side nscd database reader. The nscd database mapped in processes can change at any time. We have to be more vigilant when it comes to using that memory. Test the data entries are valid in their entire size, don't read data again from memory once we verified it, and make sure the trailing pointer is not going off the deep end. --- nscd/nscd_getpw_r.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'nscd/nscd_getpw_r.c') diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c index 21f792bb4e..8a4449d186 100644 --- a/nscd/nscd_getpw_r.c +++ b/nscd/nscd_getpw_r.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998, 1999, 2003, 2004, 2005, 2007 +/* Copyright (C) 1998, 1999, 2003, 2004, 2005, 2007, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1998. @@ -104,7 +104,8 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, if (mapped != NO_MAPPING) { - struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); + struct datahead *found = __nscd_cache_search (type, key, keylen, mapped, + sizeof pw_resp); if (found != NULL) { pw_name = (const char *) (&found->data[0].pwdata + 1); -- cgit 1.4.1