public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/17079] New: nss_files mishandles small buffer
@ 2014-06-23 8:18 schwab@linux-m68k.org
2014-06-23 8:20 ` [Bug libc/17079] " fweimer at redhat dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: schwab@linux-m68k.org @ 2014-06-23 8:18 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
Bug ID: 17079
Summary: nss_files mishandles small buffer
Product: glibc
Version: 2.19
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: schwab@linux-m68k.org
CC: drepper.fsp at gmail dot com
Blocks: 16071
The patch for bug 16071 broke parsing of files where a line doesn't fit in the
supplied buffer, by ignoring such lines instead of returning ERANGE to the
caller.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/17079] nss_files mishandles small buffer
2014-06-23 8:18 [Bug libc/17079] New: nss_files mishandles small buffer schwab@linux-m68k.org
@ 2014-06-23 8:20 ` fweimer at redhat dot com
2014-06-23 10:31 ` schwab@linux-m68k.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-06-23 8:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/17079] nss_files mishandles small buffer
2014-06-23 8:18 [Bug libc/17079] New: nss_files mishandles small buffer schwab@linux-m68k.org
2014-06-23 8:20 ` [Bug libc/17079] " fweimer at redhat dot com
@ 2014-06-23 10:31 ` schwab@linux-m68k.org
2015-09-14 15:40 ` [Bug libc/17079] nss_files mishandles small buffer (CVE-2015-5277) fweimer at redhat dot com
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: schwab@linux-m68k.org @ 2014-06-23 10:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
Target Milestone|--- |2.20
--- Comment #2 from Andreas Schwab <schwab@linux-m68k.org> ---
Fixed.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/17079] nss_files mishandles small buffer (CVE-2015-5277)
2014-06-23 8:18 [Bug libc/17079] New: nss_files mishandles small buffer schwab@linux-m68k.org
2014-06-23 8:20 ` [Bug libc/17079] " fweimer at redhat dot com
2014-06-23 10:31 ` schwab@linux-m68k.org
@ 2015-09-14 15:40 ` fweimer at redhat dot com
2015-09-22 11:42 ` [Bug libc/17079] nss_files heap-based buffer overflow with " fweimer at redhat dot com
2015-09-22 11:49 ` cvs-commit at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-09-14 15:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|nss_files mishandles small |nss_files mishandles small
|buffer |buffer (CVE-2015-5277)
Alias| |CVE-2015-5277
Flags|security- |security+
--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
The description is misleading. This bug can theoretically result in
applications receiving wrong data from NSS, and the data could even be
attacker-controlled, which means that this is a security bug.
Introduced in glibc 2.19, fixed in 2.20. The broken fix which went into glibc
2.19 has been backported to earlier glibc versions by some distributions.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/17079] nss_files heap-based buffer overflow with small buffer (CVE-2015-5277)
2014-06-23 8:18 [Bug libc/17079] New: nss_files mishandles small buffer schwab@linux-m68k.org
` (2 preceding siblings ...)
2015-09-14 15:40 ` [Bug libc/17079] nss_files mishandles small buffer (CVE-2015-5277) fweimer at redhat dot com
@ 2015-09-22 11:42 ` fweimer at redhat dot com
2015-09-22 11:49 ` cvs-commit at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-09-22 11:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|nss_files mishandles small |nss_files heap-based buffer
|buffer (CVE-2015-5277) |overflow with small buffer
| |(CVE-2015-5277)
--- Comment #5 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Florian Weimer from comment #4)
> The description is misleading. This bug can theoretically result in
> applications receiving wrong data from NSS, and the data could even be
> attacker-controlled, which means that this is a security bug.
This is not quite correct, either. This is actually a heap-based buffer
overflow.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/17079] nss_files heap-based buffer overflow with small buffer (CVE-2015-5277)
2014-06-23 8:18 [Bug libc/17079] New: nss_files mishandles small buffer schwab@linux-m68k.org
` (3 preceding siblings ...)
2015-09-22 11:42 ` [Bug libc/17079] nss_files heap-based buffer overflow with " fweimer at redhat dot com
@ 2015-09-22 11:49 ` cvs-commit at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2015-09-22 11:49 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 90fa42a1d7b78de0d75f7e3af362275b2abe807f (commit)
from e07aabba73ea62e7dfa0512507c92efb851fbdbe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=90fa42a1d7b78de0d75f7e3af362275b2abe807f
commit 90fa42a1d7b78de0d75f7e3af362275b2abe807f
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Sep 22 13:40:17 2015 +0200
Test in commit e07aabba73ea62e7dfa0512507c92efb851fbdbe is for bug 17079
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 5 +++++
nss/Makefile | 2 +-
nss/{bug18287.c => bug17079.c} | 3 ++-
3 files changed, 8 insertions(+), 2 deletions(-)
rename nss/{bug18287.c => bug17079.c} (98%)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-09-22 11:49 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-23 8:18 [Bug libc/17079] New: nss_files mishandles small buffer schwab@linux-m68k.org
2014-06-23 8:20 ` [Bug libc/17079] " fweimer at redhat dot com
2014-06-23 10:31 ` schwab@linux-m68k.org
2015-09-14 15:40 ` [Bug libc/17079] nss_files mishandles small buffer (CVE-2015-5277) fweimer at redhat dot com
2015-09-22 11:42 ` [Bug libc/17079] nss_files heap-based buffer overflow with " fweimer at redhat dot com
2015-09-22 11:49 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).