public inbox for glibc-bugs@sourceware.org
* [Bug nscd/16760] New: Overlapping source and destination in calls to stpcpy from nscd
From: siddhesh at redhat dot com @ 2014-03-27 4:00 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16760
Bug ID: 16760
Summary: Overlapping source and destination in calls to stpcpy from nscd
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: siddhesh at redhat dot com
Reporter: siddhesh at redhat dot com
CC: drepper.fsp at gmail dot com
The nscd netgroups code uses stpcpy to copy over triplet values into the
buffer. The source and destination addresses may overlap when all three values
are non-NULL and in the expected (host, user, domain) order. This is caught by
valgrind as:
==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48)
==3181==    at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3181==    by 0x12567A: addgetnetgrentX (string3.h:111)
==3181==    by 0x12722D: addgetnetgrent (netgroupcache.c:665)
==3181==    by 0x11114C: nscd_run_worker (connections.c:1338)
==3181==    by 0x4E3C102: start_thread (pthread_create.c:309)
==3181==    by 0x59B81AC: clone (clone.S:111)
==3181==
Fix coming up.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd
From: cvs-commit at gcc dot gnu.org @ 2014-03-27 14:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16760
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via dd3022d75e6fb8957843d6d84257a5d8457822d5 (commit)
via ea7d8b95e2fcb81f68b04ed7787a3dbda023991a (commit)
from df5b85da90915ce6208ad737807e3d8f2a8fce87 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dd3022d75e6fb8957843d6d84257a5d8457822d5
commit dd3022d75e6fb8957843d6d84257a5d8457822d5
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu Mar 27 19:49:51 2014 +0530
Return NULL for wildcard values in getnetgrent from nscd (BZ #16759)
getnetgrent is supposed to return NULL for values that are wildcards
in the (host, user, domain) triplet. This works correctly with nscd
disabled, but with it enabled, it returns a blank ("") instead of a
NULL. This is easily seen with the output of `getent netgroup foonet`
for a netgroup foonet defined as follows in /etc/netgroup:
foonet (,foo,)
The output with nscd disabled is:
foonet ( ,foo,)
while with nscd enabled, it is:
foonet (,foo,)
The extra space with nscd disabled is due to the fact that `getent
netgroup` adds it if the return value from getnetgrent is NULL for
either host or user.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ea7d8b95e2fcb81f68b04ed7787a3dbda023991a
commit ea7d8b95e2fcb81f68b04ed7787a3dbda023991a
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu Mar 27 19:48:15 2014 +0530
Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)
Calls to stpcpy from nscd netgroups code will have overlapping source
and destination when all three values in the returned triplet are
non-NULL and in the expected (host,user,domain) order. This is seen
in valgrind as:
==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48)
==3181==    at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3181==    by 0x12567A: addgetnetgrentX (string3.h:111)
==3181==    by 0x12722D: addgetnetgrent (netgroupcache.c:665)
==3181==    by 0x11114C: nscd_run_worker (connections.c:1338)
==3181==    by 0x4E3C102: start_thread (pthread_create.c:309)
==3181==    by 0x59B81AC: clone (clone.S:111)
==3181==
Fix this by using memmove instead of stpcpy.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 10 ++++++++++
NEWS | 3 ++-
inet/getnetgrent_r.c | 14 +++++++++++---
nscd/netgroupcache.c | 16 ++++++++++------
4 files changed, 33 insertions(+), 10 deletions(-)
^ permalink raw reply [flat|nested] 6+ messages in thread
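The overlap reported above and the memmove fix named in the commit message, as an added C example that is not part of this thread and is not glibc's code: it packs a (host, user, domain) triplet whose fields may already sit in the destination buffer, counts the copies whose source and destination overlap (where stpcpy has undefined behaviour), and copies with memmove. The names `overlaps`, `pack_triplet` and `demo_in_buffer` are hypothetical and the sample triplet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Overlap test for two n-byte ranges (what memcheck flags).  */
static int overlaps(const char *a, const char *b, size_t n)
{
    return (uintptr_t)a < (uintptr_t)b + n && (uintptr_t)b < (uintptr_t)a + n;
}

/* Pack (host, user, domain) at buf+filled as "host\0user\0domain\0".
   Assumes filled <= cap and that fields stored inside buf sit at or after
   the write position, in that order.  Returns the new fill level, or 0 if
   it does not fit; *overlapped counts copies that overlapped.  */
size_t pack_triplet(char *buf, size_t cap, size_t filled, const char *host,
                    const char *user, const char *domain, int *overlapped)
{
    const char *field[3] = { host, user, domain };
    *overlapped = 0;
    for (int i = 0; i < 3; i++) {
        size_t n = strlen(field[i]) + 1;      /* keep the terminator */
        if (n > cap - filled)
            return 0;
        *overlapped += overlaps(buf + filled, field[i], n);
        memmove(buf + filled, field[i], n);   /* defined for overlap */
        filled += n;
    }
    return filled;
}

/* Constructed input: the triplet already sits in the buffer, `shift` bytes
   past the write position (shift 0 gives src == dst, as in the trace).
   Returns the overlap count, or -1 if the packed bytes are wrong.  */
int demo_in_buffer(size_t shift)
{
    char buf[32] = { 0 };
    int overlapped;
    memcpy(buf + shift, "h1\0u1\0d1", 9);
    size_t end = pack_triplet(buf, sizeof buf, 0, buf + shift,
                              buf + shift + 3, buf + shift + 6, &overlapped);
    return (end == 9 && memcmp(buf, "h1\0u1\0d1", 9) == 0) ? overlapped : -1;
}

int main(void)
{
    for (size_t s = 0; s <= 3; s++)
        printf("shift %zu: %d overlapping copies\n", s, demo_in_buffer(s));
    return 0;
}
```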
* [Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd
From: siddhesh at redhat dot com @ 2014-03-27 14:27 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16760
Siddhesh Poyarekar <siddhesh at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
--- Comment #2 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master.
* [Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd
From: fweimer at redhat dot com @ 2014-06-12 19:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16760
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
* [Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd
From: fweimer at redhat dot com @ 2014-06-12 19:58 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16760
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|security-                   |security?
* [Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd
From: fweimer at redhat dot com @ 2014-06-13 9:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16760
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|security?                   |