|
 |
00db10 |
commit c44496df2f090a56d3bf75df930592dac6bba46f
|
|
|
00db10 |
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
|
|
|
00db10 |
Date: Wed Mar 12 17:27:22 2014 +0530
|
|
|
00db10 |
|
|
|
00db10 |
Provide correct buffer length to netgroup queries in nscd (BZ #16695)
|
|
|
00db10 |
|
|
|
00db10 |
The buffer to query netgroup entries is allocated sufficient space for
|
|
|
00db10 |
the netgroup entries and the key to be appended at the end, but it
|
|
|
00db10 |
sends in an incorrect available length to the NSS netgroup query
|
|
|
00db10 |
functions, resulting in overflow of the buffer in some special cases.
|
|
|
00db10 |
The fix here is to factor in the key length when sending the available
|
|
|
00db10 |
buffer and buffer length to the query functions.
|
|
|
00db10 |
|
|
|
00db10 |
diff --git glibc-2.17-c758a686/nscd/netgroupcache.c glibc-2.17-c758a686/nscd/netgroupcache.c
|
|
|
00db10 |
index 426d3c5..5ba1e1f 100644
|
|
|
00db10 |
--- glibc-2.17-c758a686/nscd/netgroupcache.c
|
|
|
00db10 |
+++ glibc-2.17-c758a686/nscd/netgroupcache.c
|
|
|
00db10 |
@@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
|
|
00db10 |
{
|
|
|
00db10 |
int e;
|
|
|
00db10 |
status = getfct.f (&data, buffer + buffilled,
|
|
|
00db10 |
- buflen - buffilled, &e);
|
|
|
00db10 |
+ buflen - buffilled - req->key_len, &e);
|
|
|
00db10 |
if (status == NSS_STATUS_RETURN
|
|
|
00db10 |
|| status == NSS_STATUS_NOTFOUND)
|
|
|
00db10 |
/* This was either the last one for this group or the
|