https://sourceware.org/bugzilla/show_bug.cgi?id=16190

Marko Myllynen <myllynen at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |myllynen at redhat dot com

--- Comment #23 from Marko Myllynen <myllynen at redhat dot com> ---
(In reply to Eduardo TrĂ¡pani from comment #22)
> Created attachment 7371 [details]
> Modified Esperanto locale (all mentioned issues solved)
> 
> I'd be glad to address any remaining issues, but given that we have the
> green light from libc-alpha (not a single objection there) and glibc is
> already shipping locales without region code and the currency is taken care
> of, my guess is that we are ready to go.

I provided some comments on libc-alpha to (another?) esperanto submission which
are not all addressed:

https://sourceware.org/ml/libc-alpha/2013-03/msg00385.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From glibc-bugs-return-20930-listarch-glibc-bugs=sources.redhat.com@sourceware.org Mon Jan 27 11:22:39 2014
Return-Path: <glibc-bugs-return-20930-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 25574 invoked by alias); 27 Jan 2014 11:22:38 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 25541 invoked by uid 55); 27 Jan 2014 11:22:33 -0000
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/16506] Access beyond memory bounds in netgroup files parsing
Date: Mon, 27 Jan 2014 11:22:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.18
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: siddhesh at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID: <bug-16506-131-mqPkFnmjmX@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-16506-131@http.sourceware.org/bugzilla/>
References: <bug-16506-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-01/txt/msg00331.txt.bz2
Content-length: 2324

http://sourceware.org/bugzilla/show_bug.cgi?id506

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  d7b00f98106a0f1e3d753b135eeb97dfdf6e2e74 (commit)
      from  af37a8a3496327a6e5617a2c76f17aa1e8db835e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h×b00f98106a0f1e3d753b135eeb97dfdf6e2e74

commit d7b00f98106a0f1e3d753b135eeb97dfdf6e2e74
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Jan 27 16:49:33 2014 +0530

    Fix invalid memory access when parsing netgroup files with blank lines (BZ
#16506)

    The netgroups file parsing code tries to access the character before
    the newline in parsed lines to see if it is a backslash (\).  This
    results in an access before the block allocated for the line if the
    line is blank, i.e. does not have anything other than the newline
    character.  This doesn't seem like it will cause any crashes because
    the byte belongs to the malloc metadata block and hence access to it
    will always succeed.

    There could be an invalid alteration in code flow where a blank line
    is seen as a continuation due to the preceding byte *happening* to be
    '\\'.  This could be done by interposing malloc, but that's not really
    a security problem since one could interpose getnetgrent_r itself and
    achieve a similar 'exploit'.

    The possibility of actually exploiting this is remote to impossible
    since it also requires the previous line to end with a '\\', which
    would happen only on invalid configurations.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                    |    4 ++++
 nss/nss_files/files-netgrp.c |    3 ++-
 2 files changed, 6 insertions(+), 1 deletions(-)

--
You are receiving this mail because:
You are on the CC list for the bug.