From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 07709384DD00; Thu, 25 Apr 2024 13:55:23 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 07709384DD00
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1714053324;
	bh=W7zlz9Nsin54U7D99d+Z6wxLTWfTS5m2UMbUZ55ONAA=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=yzT9qHD53QxYDuUnWPGpJuoDgDxvARZ1I6VBqR8n8XWoi0Z8IyvI9ncwNGgbG2tmz
	 GL0xP0panF3jVBJDVyyERm81cuKSNPjww1n1suXAWlPjwpXsHSA6M8s4DjtX6uPXZx
	 IMy5yhACb83RsznhtkVv0AcHh+08NTwCYsszg3CQ=
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory
 allocation failure
Date: Thu, 25 Apr 2024 13:55:23 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Version: 2.40
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: 2.40
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-31679-131-Trf64IrTLb@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-31679-131@http.sourceware.org/bugzilla/>
References: <bug-31679-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <glibc-bugs.sourceware.org>

https://sourceware.org/bugzilla/show_bug.cgi?id=3D31679

--- Comment #11 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D86f1d5f4129c373ac6f=
b6df5bcf38273838843cb

commit 86f1d5f4129c373ac6fb6df5bcf38273838843cb
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)

    This avoids potential memory corruption when the underlying NSS
    callback function does not use the buffer space to store all strings
    (e.g., for constant strings).

    Instead of custom buffer management, two scratch buffers are used.
    This increases stack usage somewhat.

    Scratch buffer allocation failure is handled by return -1
    (an invalid timeout value) instead of terminating the process.
    This fixes bug 31679.

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)

--=20
You are receiving this mail because:
You are on the CC list for the bug.=