public inbox for glibc-bugs@sourceware.org
* [Bug nscd/16474] New: nscd accesses freed memory on netgroup query
@ 2014-01-21 17:21 siddhesh at redhat dot com
  2014-01-24  8:58 ` [Bug nscd/16474] " cvs-commit at gcc dot gnu.org
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: siddhesh at redhat dot com @ 2014-01-21 17:21 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16474

            Bug ID: 16474
           Summary: nscd accesses freed memory on netgroup query
           Product: glibc
           Version: 2.18
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nscd
          Assignee: siddhesh at redhat dot com
          Reporter: siddhesh at redhat dot com
                CC: drepper.fsp at gmail dot com

nscd accesses freed memory on netgroup query when there are a large number of
entries in a netgroup.  This is easily seen by running nscd under valgrind.

How Reproducible:

Always

Steps to Reproduce:

1. Add a group (foo_long) with a large number of members (>1000)
2. valgrind nscd -d
3. getent netgroup foo_long

Actual Results:

==1802== Invalid read of size 1
==1802==    at 0x4C2E640: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==  Address 0x655b8e8 is 968 bytes inside a block of size 1,024 free'd
==1802==    at 0x4C2C3AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x11C29D: xrealloc (xmalloc.c:107)
==1802==    by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==
==1802== Invalid read of size 1
==1802==    at 0x4C2E64E: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==  Address 0x655b8ea is 970 bytes inside a block of size 1,024 free'd
==1802==    at 0x4C2C3AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x11C29D: xrealloc (xmalloc.c:107)
==1802==    by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)

Expected Results:

No warnings.

Fix coming up.

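The trace above shows memcpy reading from an address inside a block that realloc had already released earlier in the same function. As an added illustration (not glibc's code and not the fix for this bug), the C example below shows an append routine that tolerates a source pointer into its own buffer by turning it into an offset before growing; `struct buf`, `buf_append` and `demo` are hypothetical names and the sample record is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer for illustration; not nscd's data structure. */
struct buf { char *base; size_t used, cap; };

/* Append n bytes from src.  src may point INTO b->base, like the memcpy
   source in the trace, so remember it as an offset across realloc.  */
static int buf_append(struct buf *b, const char *src, size_t n)
{
    uintptr_t s = (uintptr_t)src, lo = (uintptr_t)b->base;
    int inside = b->base != NULL && s >= lo && s - lo < b->used;
    size_t off = inside ? (size_t)(s - lo) : 0;

    if (n > SIZE_MAX - b->used || (inside && n > b->used - off))
        return -1;                      /* overflow, or source runs past data */
    if (b->used + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 1024;
        while (ncap < b->used + n && ncap <= SIZE_MAX / 2) ncap *= 2;
        if (ncap < b->used + n) return -1;
        char *nb = realloc(b->base, ncap);   /* may free the old block */
        if (nb == NULL) return -1;
        b->base = nb; b->cap = ncap;
        if (inside) src = nb + off;     /* rebase; the buggy form keeps old src */
    }
    memcpy(b->base + b->used, src, n);
    b->used += n;
    return 0;
}

/* Constructed input: a 6-byte record at offset 968 of a 1,024-byte block,
   re-appended until the block must grow.  Returns 1 if every copy is intact. */
static int demo(void)
{
    struct buf b = {0};
    char pad[968];
    int ok;
    memset(pad, '.', sizeof pad);
    ok = !buf_append(&b, pad, sizeof pad) && !buf_append(&b, "host1", 6);
    for (int i = 0; i < 20 && ok; i++)
        ok = !buf_append(&b, b.base + 968, 6)
             && !memcmp(b.base + b.used - 6, "host1", 6);
    ok = ok && b.cap > 1024;
    free(b.base);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Running the program under valgrind reports no invalid reads; deleting the rebase line makes memcpy read from a pointer into the old block, which memcheck reports as an invalid read whenever realloc moves it.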

