public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion
@ 2024-04-24 7:52 fweimer at redhat dot com
2024-04-24 7:52 ` [Bug nscd/31678] " fweimer at redhat dot com
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 7:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Bug ID: 31678
Summary: nscd: Null pointer dereferences after failed netgroup
cache insertion
Product: glibc
Version: 2.40
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
After a failed cache insertion, addgetnetgrentX tries to send the non-existing
response after the not-found header.
In addinnetgrX, addgetnetgrentX may have produced a NULL result, indicating a
not-found status, but this is not handled in the subsequent code that prepares
the record that will be sent out to the client.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nscd/31678] nscd: Null pointer dereferences after failed netgroup cache insertion
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
@ 2024-04-24 7:52 ` fweimer at redhat dot com
2024-04-24 8:32 ` fweimer at redhat dot com
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 7:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security+
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nscd/31678] nscd: Null pointer dereferences after failed netgroup cache insertion
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
2024-04-24 7:52 ` [Bug nscd/31678] " fweimer at redhat dot com
@ 2024-04-24 8:32 ` fweimer at redhat dot com
2024-04-24 20:36 ` carlos at redhat dot com
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 8:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at sourceware dot org |fweimer at redhat dot com
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nscd/31678] nscd: Null pointer dereferences after failed netgroup cache insertion
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
2024-04-24 7:52 ` [Bug nscd/31678] " fweimer at redhat dot com
2024-04-24 8:32 ` fweimer at redhat dot com
@ 2024-04-24 20:36 ` carlos at redhat dot com
2024-04-25 13:36 ` fweimer at redhat dot com
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: carlos at redhat dot com @ 2024-04-24 20:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2024-33600
CC| |carlos at redhat dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nscd/31678] nscd: Null pointer dereferences after failed netgroup cache insertion
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
` (2 preceding siblings ...)
2024-04-24 20:36 ` carlos at redhat dot com
@ 2024-04-25 13:36 ` fweimer at redhat dot com
2024-04-25 13:53 ` sam at gentoo dot org
2024-04-25 21:00 ` carnil at debian dot org
5 siblings, 0 replies; 7+ messages in thread
From: fweimer at redhat dot com @ 2024-04-25 13:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.40
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.40 via:
commit b048a482f088e53144d26a61c390bed0210f49f2
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response
(bug 31678)
The addgetnetgrentX call in addinnetgrX may have failed to produce
a result, so the result variable in addinnetgrX can be NULL.
Use db->negtimeout as the fallback value if there is no result data;
the timeout is also overwritten below.
Also avoid sending a second not-found response. (The client
disconnects after receiving the first response, so the data stream did
not go out of sync even without this fix.) It is still beneficial to
add the negative response to the mapping, so that the client can get
it from there in the future, instead of going through the socket.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33600: nscd: Do not send missing not-found response in
addgetnetgrentX (bug 31678)
If we failed to add a not-found response to the cache, the dataset
point can be null, resulting in a null pointer dereference.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nscd/31678] nscd: Null pointer dereferences after failed netgroup cache insertion
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
` (3 preceding siblings ...)
2024-04-25 13:36 ` fweimer at redhat dot com
@ 2024-04-25 13:53 ` sam at gentoo dot org
2024-04-25 21:00 ` carnil at debian dot org
5 siblings, 0 replies; 7+ messages in thread
From: sam at gentoo dot org @ 2024-04-25 13:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nscd/31678] nscd: Null pointer dereferences after failed netgroup cache insertion
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
` (4 preceding siblings ...)
2024-04-25 13:53 ` sam at gentoo dot org
@ 2024-04-25 21:00 ` carnil at debian dot org
5 siblings, 0 replies; 7+ messages in thread
From: carnil at debian dot org @ 2024-04-25 21:00 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carnil at debian dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-04-25 21:00 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-24 7:52 [Bug nscd/31678] New: nscd: Null pointer dereferences after failed netgroup cache insertion fweimer at redhat dot com
2024-04-24 7:52 ` [Bug nscd/31678] " fweimer at redhat dot com
2024-04-24 8:32 ` fweimer at redhat dot com
2024-04-24 20:36 ` carlos at redhat dot com
2024-04-25 13:36 ` fweimer at redhat dot com
2024-04-25 13:53 ` sam at gentoo dot org
2024-04-25 21:00 ` carnil at debian dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).