From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
Date: Thu, 25 Apr 2024 14:10:35 +0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Version: 2.40
X-Bugzilla-Severity: normal
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: 2.40
X-Bugzilla-Flags: security+

https://sourceware.org/bugzilla/show_bug.cgi?id=31679

--- Comment #12 from Sourceware Commits ---
The release/2.33/master branch has been updated by Florian Weimer:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d27d4b9a188786fc6a56745506cec2acfc51f83

commit 4d27d4b9a188786fc6a56745506cec2acfc51f83
Author: Florian Weimer
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)

    This avoids potential memory corruption when the underlying NSS
    callback function does not use the buffer space to store all strings
    (e.g., for constant strings).

    Instead of custom buffer management, two scratch buffers are used.
    This increases stack usage somewhat.

    Scratch buffer allocation failure is handled by return -1
    (an invalid timeout value) instead of terminating the process.
    This fixes bug 31679.

    Reviewed-by: Siddhesh Poyarekar
    (cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
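
The pattern the commit message describes, sketched as an added example that is not glibc's code. It assumes one buffer is handed to the callback and a second one accumulates results; each returned string is copied by its own length wherever it points, and a failed growth returns -1. The names `fake_getnetgrent`, `outbuf`, `limit` and `add_triple` are hypothetical, and the sample triple is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Result buffer; `limit` is a constructed cap that makes the failure path testable. */
struct outbuf { char *data; size_t used, cap, limit; };

/* Constructed callback: host is in tmp, user is NULL, domain is a constant outside tmp. */
static int fake_getnetgrent(char *tmp, size_t tmplen, const char **host,
                            const char **user, const char **domain)
{
    static const char h[] = "host1";
    if (tmplen < sizeof h) return -1;
    memcpy(tmp, h, sizeof h);
    *host = tmp;
    *user = NULL;
    *domain = "example.test";
    return 0;
}

/* Copy one string (NULL becomes "") including its NUL; -1 if growth fails. */
static int outbuf_append(struct outbuf *o, const char *s)
{
    if (s == NULL) s = "";
    size_t n = strlen(s) + 1;
    if (n > o->cap - o->used) {
        if (n > o->limit - o->used)   /* over the cap: treat as allocation failure */
            return -1;
        char *p = realloc(o->data, o->used + n);
        if (p == NULL)
            return -1;
        o->data = p;
        o->cap = o->used + n;
    }
    memcpy(o->data + o->used, s, n);
    o->used += n;
    return 0;
}

/* Returns bytes stored, or -1 on any failure; the process is never aborted. */
long add_triple(struct outbuf *out)
{
    char tmp[64];
    const char *host, *user, *domain;
    if (fake_getnetgrent(tmp, sizeof tmp, &host, &user, &domain) != 0)
        return -1;
    if (outbuf_append(out, host) || outbuf_append(out, user) || outbuf_append(out, domain))
        return -1;
    return (long) out->used;
}
```

Because the copy never assumes a returned pointer lies inside `tmp`, a constant string such as the domain here cannot throw off the size accounting of the result buffer.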