rpms / nss-pam-ldapd

Clone
Source Code
GIT

Blame SOURCES/nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   c7-beta
  2.   SOURCES
  3.   nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch
Blob History Raw
09a3f6 
From e34fccc883e1fb6e7c0e1663e11ff9f96191971f Mon Sep 17 00:00:00 2001
09a3f6 
From: Lukas Slebodnik <lslebodn@redhat.com>
09a3f6 
Date: Mon, 27 Jan 2014 17:04:32 +0100
09a3f6 
Subject: [PATCH 1/2] Fix use after free in read_hostent and read_netent.
09a3f6
09a3f6 
if NSS_STATUS_TRYAGAIN is returned from read_one_hostent or
09a3f6 
read_one_netent function tio_skipall will be called with NULL pointer
09a3f6 
It could happend in functions:
09a3f6 
	 _nss_ldap_getnetbyname_r
09a3f6 
	_nss_ldap_getnetbyaddr_r
09a3f6 
	_nss_ldap_gethostbyname2_r
09a3f6 
	_nss_ldap_gethostbyaddr_r
09a3f6 
---
09a3f6 
 nss/hosts.c    | 2 --
09a3f6 
 nss/networks.c | 2 --
09a3f6 
 2 files changed, 4 deletions(-)
09a3f6
09a3f6 
diff --git a/nss/hosts.c b/nss/hosts.c
09a3f6 
index 86b6a77..0e7027e 100644
09a3f6 
--- a/nss/hosts.c
09a3f6 
+++ b/nss/hosts.c
09a3f6 
@@ -51,8 +51,6 @@
09a3f6
09a3f6 
 #undef ERROR_OUT_BUFERROR
09a3f6 
 #define ERROR_OUT_BUFERROR(fp) \
09a3f6 
-  (void)tio_close(fp); \
09a3f6 
-  fp=NULL; \
09a3f6 
   *errnop=ERANGE; \
09a3f6 
   *h_errnop=TRY_AGAIN; \
09a3f6 
   return NSS_STATUS_TRYAGAIN;
09a3f6 
diff --git a/nss/networks.c b/nss/networks.c
09a3f6 
index 859ef0e..1403b45 100644
09a3f6 
--- a/nss/networks.c
09a3f6 
+++ b/nss/networks.c
09a3f6 
@@ -51,8 +51,6 @@
09a3f6
09a3f6 
 #undef ERROR_OUT_BUFERROR
09a3f6 
 #define ERROR_OUT_BUFERROR(fp) \
09a3f6 
-  (void)tio_close(fp); \
09a3f6 
-  fp=NULL; \
09a3f6 
   *errnop=ERANGE; \
09a3f6 
   *h_errnop=TRY_AGAIN; \
09a3f6 
   return NSS_STATUS_TRYAGAIN;
09a3f6 
--
09a3f6 
1.8.5.3
09a3f6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation