From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glibc-bugs-return-7418-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Received: (qmail 21198 invoked by alias); 21 Nov 2007 04:58:49 -0000
Received: (qmail 21173 invoked by uid 48); 21 Nov 2007 04:58:37 -0000
Date: Wed, 21 Nov 2007 04:58:00 -0000
From: "pasky at suse dot cz" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Message-ID: <20071121045836.5381.pasky@suse.cz>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc()
X-Bugzilla-Reason: CC
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2007-11/txt/msg00075.txt.bz2

nscd does not use sufficient locking, allowing gc() to be run between
mempool_alloc() of data and its addition by cache_add(). Thus, gc() will free
the data again before it could have been added and properly accounted for. The
code should take the read database lock already before the mempool_alloc() call.

-- 
           Summary: nscd: Race condition of mempool_alloc() .. cache_add()
                    and gc()
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nscd
        AssignedTo: drepper at redhat dot com
        ReportedBy: pasky at suse dot cz
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=5381

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.