rpms / nss-pam-ldapd

Clone
Source Code
GIT

Blame SOURCES/nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   c7-alt
  2.   SOURCES
  3.   nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch
Blob History Raw
df3ee2 
From e34fccc883e1fb6e7c0e1663e11ff9f96191971f Mon Sep 17 00:00:00 2001
df3ee2 
From: Lukas Slebodnik <lslebodn@redhat.com>
df3ee2 
Date: Mon, 27 Jan 2014 17:04:32 +0100
df3ee2 
Subject: [PATCH 1/2] Fix use after free in read_hostent and read_netent.
df3ee2
df3ee2 
if NSS_STATUS_TRYAGAIN is returned from read_one_hostent or
df3ee2 
read_one_netent function tio_skipall will be called with NULL pointer
df3ee2 
It could happend in functions:
df3ee2 
	 _nss_ldap_getnetbyname_r
df3ee2 
	_nss_ldap_getnetbyaddr_r
df3ee2 
	_nss_ldap_gethostbyname2_r
df3ee2 
	_nss_ldap_gethostbyaddr_r
df3ee2 
---
df3ee2 
 nss/hosts.c    | 2 --
df3ee2 
 nss/networks.c | 2 --
df3ee2 
 2 files changed, 4 deletions(-)
df3ee2
df3ee2 
diff --git a/nss/hosts.c b/nss/hosts.c
df3ee2 
index 86b6a77..0e7027e 100644
df3ee2 
--- a/nss/hosts.c
df3ee2 
+++ b/nss/hosts.c
df3ee2 
@@ -51,8 +51,6 @@
df3ee2
df3ee2 
 #undef ERROR_OUT_BUFERROR
df3ee2 
 #define ERROR_OUT_BUFERROR(fp) \
df3ee2 
-  (void)tio_close(fp); \
df3ee2 
-  fp=NULL; \
df3ee2 
   *errnop=ERANGE; \
df3ee2 
   *h_errnop=TRY_AGAIN; \
df3ee2 
   return NSS_STATUS_TRYAGAIN;
df3ee2 
diff --git a/nss/networks.c b/nss/networks.c
df3ee2 
index 859ef0e..1403b45 100644
df3ee2 
--- a/nss/networks.c
df3ee2 
+++ b/nss/networks.c
df3ee2 
@@ -51,8 +51,6 @@
df3ee2
df3ee2 
 #undef ERROR_OUT_BUFERROR
df3ee2 
 #define ERROR_OUT_BUFERROR(fp) \
df3ee2 
-  (void)tio_close(fp); \
df3ee2 
-  fp=NULL; \
df3ee2 
   *errnop=ERANGE; \
df3ee2 
   *h_errnop=TRY_AGAIN; \
df3ee2 
   return NSS_STATUS_TRYAGAIN;
df3ee2 
--
df3ee2 
1.8.5.3
df3ee2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation