From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 10F77384AB73; Thu, 25 Apr 2024 13:52:43 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 10F77384AB73
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1714053163;
	bh=18xa6hvN84i4aO3K6ZMgBkvdEHiAHism7Z83XpheR3c=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=OuSQcVbz/wVdeqkjWmKpxs9mWR7iju1plrehLBoviO9C4uL33QmJH83Ch8oXpS4B3
	 G4Q3I4BXuKz05kS7JyyGUQxOqVqzLrKdSkqFQCj3yBBGFZKytodT4WMi23/ww0laY1
	 NBcRp68iBKOGQoaK+NJ8xzGf/PcSEwB6wrAJVeug=
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory
 allocation failure
Date: Thu, 25 Apr 2024 13:52:42 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Version: 2.40
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: 2.40
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-31679-131-YP0Suhk1Gm@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-31679-131@http.sourceware.org/bugzilla/>
References: <bug-31679-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <glibc-bugs.sourceware.org>

https://sourceware.org/bugzilla/show_bug.cgi?id=3D31679

--- Comment #10 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D7a5864cac60e0600039=
4128a5a2817b03542f5a3

commit 7a5864cac60e06000394128a5a2817b03542f5a3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)

    This avoids potential memory corruption when the underlying NSS
    callback function does not use the buffer space to store all strings
    (e.g., for constant strings).

    Instead of custom buffer management, two scratch buffers are used.
    This increases stack usage somewhat.

    Scratch buffer allocation failure is handled by return -1
    (an invalid timeout value) instead of terminating the process.
    This fixes bug 31679.

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)

--=20
You are receiving this mail because:
You are on the CC list for the bug.=