public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nscd/16453] New: nscd segfaults with a large number of members in a netgroup
@ 2014-01-15 11:30 siddhesh at redhat dot com
2014-01-16 4:53 ` [Bug nscd/16453] " cvs-commit at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: siddhesh at redhat dot com @ 2014-01-15 11:30 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16453
Bug ID: 16453
Summary: nscd segfaults with a large number of members in a
netgroup
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: siddhesh at redhat dot com
Reporter: siddhesh at redhat dot com
CC: drepper.fsp at gmail dot com
nscd crashes with a segfault when there are a large number of members in a
netgroup and the netgroup is defined in terms of another netgroup.
How Reproducible:
Always
Steps to Reproduce:
cat > /etc/netgroup
foo_000_01 \
(foo-000-000.bar.com.au,,) \
(foo-000-001.bar.com.au,,) \
(foo-000-002.bar.com.au,,) \
(foo-000-003.bar.com.au,,) \
(foo-000-004.bar.com.au,,) \
(foo-000-005.bar.com.au,,) \
(foo-000-006.bar.com.au,,) \
(foo-000-007.bar.com.au,,) \
(foo-000-008.bar.com.au,,) \
(foo-000-009.bar.com.au,,) \
(foo-000-010.bar.com.au,,) \
(foo-000-011.bar.com.au,,) \
(foo-000-012.bar.com.au,,) \
(foo-000-013.bar.com.au,,) \
(foo-000-014.bar.com.au,,) \
(foo-000-015.bar.com.au,,) \
(foo-000-016.bar.com.au,,) \
(foo-000-017.bar.com.au,,) \
(foo-000-018.bar.com.au,,) \
(foo-000-019.bar.com.au,,) \
(foo-000-020.bar.com.au,,) \
(foo-000-021.bar.com.au,,) \
(foo-000-022.bar.com.au,,) \
(foo-000-023.bar.com.au,,) \
(foo-000-024.bar.com.au,,) \
(foo-000-025.bar.com.au,,) \
(foo-000-026.bar.com.au,,) \
(foo-000-027.bar.com.au,,) \
(foo-000-028.bar.com.au,,) \
(foo-000-029.bar.com.au,,)
rhtest3 \
foo_000_01 \
(foo-000-030.bar.com.au,,) (foo-000-031.bar.com.au,,)
(foo-000-032.bar.com.au,,) (foo-000-033.bar.com.au,,)
(foo-000-034.bar.com.au,,) (foo-000-035.bar.com.au,,)
(foo-000-036.bar.com.au,,) (foo-000-037.bar.com.au,,)
(foo-000-038.bar.com.au,,) (foo-000-039.bar.com.au,,)
(foo-000-040.bar.com.au,,) (foo-000-041.bar.com.au,,)
(foo-000-042.bar.com.au,,)
^d
service nscd start
getent netgroup rhtest3
Actual Results:
nscd crashes with a segfault
Expected Result:
nscd does not crash.
Patch coming up.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug nscd/16453] nscd segfaults with a large number of members in a netgroup
2014-01-15 11:30 [Bug nscd/16453] New: nscd segfaults with a large number of members in a netgroup siddhesh at redhat dot com
@ 2014-01-16 4:53 ` cvs-commit at gcc dot gnu.org
2014-01-16 4:55 ` siddhesh at redhat dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2014-01-16 4:53 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=16453
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 5d29ccce66cc903fd9aa6e8f74c6be4dbc03d1f5 (commit)
via 980cb5180e1b71224a57ca52b995c959b7148c09 (commit)
from 2393fc0119fa291ff01b7b912dda2069257c8600 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5d29ccce66cc903fd9aa6e8f74c6be4dbc03d1f5
commit 5d29ccce66cc903fd9aa6e8f74c6be4dbc03d1f5
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu Jan 16 10:19:18 2014 +0530
Mention addition of multiple precision fallback libm probes in NEWS
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=980cb5180e1b71224a57ca52b995c959b7148c09
commit 980cb5180e1b71224a57ca52b995c959b7148c09
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu Jan 16 10:20:22 2014 +0530
Don't use alloca in addgetnetgrentX (BZ #16453)
addgetnetgrentX has a buffer which is grown as per the needs of the
requested size either by using alloca or by falling back to malloc if
the size is larger than 1K. There are two problems with the alloca
bits: firstly, it doesn't really extend the buffer since it does not
use the return value of the extend_alloca macro, which is the location
of the reallocated buffer. Due to this the buffer does not actually
extend itself and hence a subsequent write may overwrite stuff on the
stack.
The second problem is more subtle - the buffer growth on the stack is
discontinuous due to block scope local variables. Combine that with
the fact that unlike realloc, extend_alloca does not copy over old
content and you have a situation where the buffer just has garbage in
the space where it should have had data.
This could have been fixed by adding code to copy over old data
whenever we call extend_alloca, but it seems unnecessarily
complicated. This code is not exactly a performance hotspot (it's
called when there is a cache miss, so factors like network lookup or
file reads will dominate over memory allocation/reallocation), so this
premature optimization is unnecessary.
Thanks Brad Hubbard <bhubbard@redhat.com> for his help with debugging
the problem.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 5 +++++
NEWS | 5 ++++-
nscd/netgroupcache.c | 37 ++++++-------------------------------
3 files changed, 15 insertions(+), 32 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug nscd/16453] nscd segfaults with a large number of members in a netgroup
2014-01-15 11:30 [Bug nscd/16453] New: nscd segfaults with a large number of members in a netgroup siddhesh at redhat dot com
2014-01-16 4:53 ` [Bug nscd/16453] " cvs-commit at gcc dot gnu.org
@ 2014-01-16 4:55 ` siddhesh at redhat dot com
2014-06-13 8:57 ` fweimer at redhat dot com
2024-04-24 8:32 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: siddhesh at redhat dot com @ 2014-01-16 4:55 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16453
Siddhesh Poyarekar <siddhesh at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug nscd/16453] nscd segfaults with a large number of members in a netgroup
2014-01-15 11:30 [Bug nscd/16453] New: nscd segfaults with a large number of members in a netgroup siddhesh at redhat dot com
2014-01-16 4:53 ` [Bug nscd/16453] " cvs-commit at gcc dot gnu.org
2014-01-16 4:55 ` siddhesh at redhat dot com
@ 2014-06-13 8:57 ` fweimer at redhat dot com
2024-04-24 8:32 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 8:57 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16453
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security-
--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
Contents of /etc/netgroup is trusted, no trust boundary is crossed, hence not a
security bug.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug nscd/16453] nscd segfaults with a large number of members in a netgroup
2014-01-15 11:30 [Bug nscd/16453] New: nscd segfaults with a large number of members in a netgroup siddhesh at redhat dot com
` (2 preceding siblings ...)
2014-06-13 8:57 ` fweimer at redhat dot com
@ 2024-04-24 8:32 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 8:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16453
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://sourceware.org/bugz
| |illa/show_bug.cgi?id=31679
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-04-24 8:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-15 11:30 [Bug nscd/16453] New: nscd segfaults with a large number of members in a netgroup siddhesh at redhat dot com
2014-01-16 4:53 ` [Bug nscd/16453] " cvs-commit at gcc dot gnu.org
2014-01-16 4:55 ` siddhesh at redhat dot com
2014-06-13 8:57 ` fweimer at redhat dot com
2024-04-24 8:32 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).