00db10
commit c44496df2f090a56d3bf75df930592dac6bba46f
00db10
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
00db10
Date:   Wed Mar 12 17:27:22 2014 +0530
00db10
00db10
    Provide correct buffer length to netgroup queries in nscd (BZ #16695)
00db10
    
00db10
    The buffer to query netgroup entries is allocated sufficient space for
00db10
    the netgroup entries and the key to be appended at the end, but it
00db10
    sends in an incorrect available length to the NSS netgroup query
00db10
    functions, resulting in overflow of the buffer in some special cases.
00db10
    The fix here is to factor in the key length when sending the available
00db10
    buffer and buffer length to the query functions.
00db10
00db10
diff --git glibc-2.17-c758a686/nscd/netgroupcache.c glibc-2.17-c758a686/nscd/netgroupcache.c
00db10
index 426d3c5..5ba1e1f 100644
00db10
--- glibc-2.17-c758a686/nscd/netgroupcache.c
00db10
+++ glibc-2.17-c758a686/nscd/netgroupcache.c
00db10
@@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
00db10
 		  {
00db10
 		    int e;
00db10
 		    status = getfct.f (&data, buffer + buffilled,
00db10
-				       buflen - buffilled, &e);
00db10
+				       buflen - buffilled - req->key_len, &e);
00db10
 		    if (status == NSS_STATUS_RETURN
00db10
 			|| status == NSS_STATUS_NOTFOUND)
00db10
 		      /* This was either the last one for this group or the