public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nscd/16474] New: nscd accesses freed memory on netgroup query
@ 2014-01-21 17:21 siddhesh at redhat dot com
2014-01-24 8:58 ` [Bug nscd/16474] " cvs-commit at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: siddhesh at redhat dot com @ 2014-01-21 17:21 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16474
Bug ID: 16474
Summary: nscd accesses freed memory on netgroup query
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: siddhesh at redhat dot com
Reporter: siddhesh at redhat dot com
CC: drepper.fsp at gmail dot com
nscd accesses freed memory on netgroup query when there are a large number of
entries in a netgroup. This is easily seen by running nscd under valgrind.
How Reproducible:
Always
Steps to Reproduce:
1. Add a group (foo_long) with a large number of members (>1000)
2. valgrind nscd -d
3. getent netgroup foo_long
Actual Results:
==1802== Invalid read of size 1
==1802== at 0x4C2E640: memcpy@@GLIBC_2.14 (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802== by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802== by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802== by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802== by 0x4E3C172: start_thread (pthread_create.c:309)
==1802== by 0x59B737C: clone (clone.S:111)
==1802== Address 0x655b8e8 is 968 bytes inside a block of size 1,024 free'd
==1802== at 0x4C2C3AA: realloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802== by 0x11C29D: xrealloc (xmalloc.c:107)
==1802== by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802== by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802== by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802== by 0x4E3C172: start_thread (pthread_create.c:309)
==1802== by 0x59B737C: clone (clone.S:111)
==1802==
==1802== Invalid read of size 1
==1802== at 0x4C2E64E: memcpy@@GLIBC_2.14 (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802== by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802== by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802== by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802== by 0x4E3C172: start_thread (pthread_create.c:309)
==1802== by 0x59B737C: clone (clone.S:111)
==1802== Address 0x655b8ea is 970 bytes inside a block of size 1,024 free'd
==1802== at 0x4C2C3AA: realloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802== by 0x11C29D: xrealloc (xmalloc.c:107)
==1802== by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802== by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802== by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802== by 0x4E3C172: start_thread (pthread_create.c:309)
==1802== by 0x59B737C: clone (clone.S:111)
Expected Results:
No warnings.
Fix coming up.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nscd/16474] nscd accesses freed memory on netgroup query
2014-01-21 17:21 [Bug nscd/16474] New: nscd accesses freed memory on netgroup query siddhesh at redhat dot com
@ 2014-01-24 8:58 ` cvs-commit at gcc dot gnu.org
2014-01-24 8:59 ` siddhesh at redhat dot com
2014-06-13 8:54 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2014-01-24 8:58 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=16474
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 5d41dadf31bc8a2f9c34c40d52a442d3794e405c (commit)
from 0bad441c77fa4ff382dd3990542dcf52052b2121 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5d41dadf31bc8a2f9c34c40d52a442d3794e405c
commit 5d41dadf31bc8a2f9c34c40d52a442d3794e405c
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Fri Jan 24 13:51:15 2014 +0530
Adjust pointers to triplets in netgroup query data (BZ #16474)
The _nss_*_getnetgrent_r query populates the netgroup results in the
allocated buffer and then sets the result triplet to point to strings
in the buffer. This is a problem when the buffer is reallocated since
the pointers to the triplet strings are no longer valid. The pointers
need to be adjusted so that they now point to strings in the
reallocated buffer.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
NEWS | 2 +-
nscd/netgroupcache.c | 12 +++++++++++-
3 files changed, 18 insertions(+), 2 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nscd/16474] nscd accesses freed memory on netgroup query
2014-01-21 17:21 [Bug nscd/16474] New: nscd accesses freed memory on netgroup query siddhesh at redhat dot com
2014-01-24 8:58 ` [Bug nscd/16474] " cvs-commit at gcc dot gnu.org
@ 2014-01-24 8:59 ` siddhesh at redhat dot com
2014-06-13 8:54 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: siddhesh at redhat dot com @ 2014-01-24 8:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16474
Siddhesh Poyarekar <siddhesh at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nscd/16474] nscd accesses freed memory on netgroup query
2014-01-21 17:21 [Bug nscd/16474] New: nscd accesses freed memory on netgroup query siddhesh at redhat dot com
2014-01-24 8:58 ` [Bug nscd/16474] " cvs-commit at gcc dot gnu.org
2014-01-24 8:59 ` siddhesh at redhat dot com
@ 2014-06-13 8:54 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 8:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16474
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security+
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-06-13 8:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-21 17:21 [Bug nscd/16474] New: nscd accesses freed memory on netgroup query siddhesh at redhat dot com
2014-01-24 8:58 ` [Bug nscd/16474] " cvs-commit at gcc dot gnu.org
2014-01-24 8:59 ` siddhesh at redhat dot com
2014-06-13 8:54 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).