public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure
@ 2024-04-24 8:32 fweimer at redhat dot com
2024-04-24 8:32 ` [Bug nscd/31679] " fweimer at redhat dot com
` (17 more replies)
0 siblings, 18 replies; 19+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 8:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Bug ID: 31679
Summary: nscd: netgroup cache may terminate daemon on memory
allocation failure
Product: glibc
Version: 2.40
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Flags: security+
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a
memory allocation failure.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
@ 2024-04-24 8:32 ` fweimer at redhat dot com
2024-04-24 20:25 ` carlos at redhat dot com
` (16 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 8:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Status|NEW |ASSIGNED
Assignee|unassigned at sourceware dot org |fweimer at redhat dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
2024-04-24 8:32 ` [Bug nscd/31679] " fweimer at redhat dot com
@ 2024-04-24 20:25 ` carlos at redhat dot com
2024-04-24 20:29 ` carlos at redhat dot com
` (15 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: carlos at redhat dot com @ 2024-04-24 20:25 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
[carlos@athas nscd]$ grep 'xmalloc' *
Makefile:# To find xmalloc.c
Makefile: xmalloc xstrdup aicache initgrcache res_hconf \
connections.c: dbs[cnt].head = xmalloc (sizeof (struct database_pers_head)
connections.c: dbs[cnt].data = xmalloc (dbs[cnt].head->data_size);
connections.c: struct pollfd *conns = (struct pollfd *) xmalloc (nconns
connections.c: server_groups = (gid_t *) xmalloc (server_ngroups * sizeof
(gid_t));
mem.c: he = xmalloc (memory_needed);
mem.c:#define obstack_chunk_alloc xmalloc
netgroupcache.c: buffer = xmalloc (buflen);
nscd.h:#include <programs/xmalloc.h>
[carlos@athas nscd]$ grep 'xrealloc' *
netgroupcache.c: char *newbuf = xrealloc
(buffer, buflen);
netgroupcache.c: *tofreep = buffer = xrealloc (buffer,
buflen);
Yes, we should not be doing this anywhere, we should check the result and
handle the OOM gracefully.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
2024-04-24 8:32 ` [Bug nscd/31679] " fweimer at redhat dot com
2024-04-24 20:25 ` carlos at redhat dot com
@ 2024-04-24 20:29 ` carlos at redhat dot com
2024-04-24 20:36 ` carlos at redhat dot com
` (14 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: carlos at redhat dot com @ 2024-04-24 20:29 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #2 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Carlos O'Donell from comment #1)
> [carlos@athas nscd]$ grep 'xmalloc' *
> Makefile:# To find xmalloc.c
> Makefile: xmalloc xstrdup aicache initgrcache res_hconf \
> connections.c: dbs[cnt].head = xmalloc (sizeof (struct
> database_pers_head)
> connections.c: dbs[cnt].data = xmalloc (dbs[cnt].head->data_size);
> connections.c: struct pollfd *conns = (struct pollfd *) xmalloc (nconns
> connections.c: server_groups = (gid_t *) xmalloc (server_ngroups * sizeof
> (gid_t));
> mem.c: he = xmalloc (memory_needed);
> mem.c:#define obstack_chunk_alloc xmalloc
> netgroupcache.c: buffer = xmalloc (buflen);
> nscd.h:#include <programs/xmalloc.h>
> [carlos@athas nscd]$ grep 'xrealloc' *
> netgroupcache.c: char *newbuf = xrealloc (buffer, buflen);
> netgroupcache.c: *tofreep = buffer = xrealloc (buffer, buflen);
>
> Yes, we should not be doing this anywhere, we should check the result and
> handle the OOM gracefully.
I should note that this bug is only about the netgroupcache.c usage.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (2 preceding siblings ...)
2024-04-24 20:29 ` carlos at redhat dot com
@ 2024-04-24 20:36 ` carlos at redhat dot com
2024-04-24 20:44 ` fweimer at redhat dot com
` (13 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: carlos at redhat dot com @ 2024-04-24 20:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2024-33601
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (3 preceding siblings ...)
2024-04-24 20:36 ` carlos at redhat dot com
@ 2024-04-24 20:44 ` fweimer at redhat dot com
2024-04-25 13:32 ` cvs-commit at gcc dot gnu.org
` (12 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: fweimer at redhat dot com @ 2024-04-24 20:44 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
I believe the other usages are harmless because they happen during startup
only.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (4 preceding siblings ...)
2024-04-24 20:44 ` fweimer at redhat dot com
@ 2024-04-25 13:32 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:35 ` fweimer at redhat dot com
` (11 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #4 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Florian Weimer <fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c04a21e050d64a1193a6daab872bca2528bda44b
commit c04a21e050d64a1193a6daab872bca2528bda44b
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (5 preceding siblings ...)
2024-04-25 13:32 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 13:35 ` fweimer at redhat dot com
2024-04-25 13:39 ` cvs-commit at gcc dot gnu.org
` (10 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: fweimer at redhat dot com @ 2024-04-25 13:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
Target Milestone|--- |2.40
--- Comment #5 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.40 via:
commit c04a21e050d64a1193a6daab872bca2528bda44b
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (6 preceding siblings ...)
2024-04-25 13:35 ` fweimer at redhat dot com
@ 2024-04-25 13:39 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:40 ` cvs-commit at gcc dot gnu.org
` (9 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:39 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #6 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.39/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9a8d3eebb145779a18d90e3966009a1daa63cd8
commit a9a8d3eebb145779a18d90e3966009a1daa63cd8
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (7 preceding siblings ...)
2024-04-25 13:39 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 13:40 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:42 ` cvs-commit at gcc dot gnu.org
` (8 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #7 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.38/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=71af8ca864345d39b746d5cee84b94b430fad5db
commit 71af8ca864345d39b746d5cee84b94b430fad5db
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (8 preceding siblings ...)
2024-04-25 13:40 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 13:42 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:47 ` cvs-commit at gcc dot gnu.org
` (7 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #8 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.37/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6e106dc214d6a033a4e945d1c6cf58061f1c5f1f
commit 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (9 preceding siblings ...)
2024-04-25 13:42 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 13:47 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:52 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:47 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #9 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b6742463694b1dfdd5120b91ee21cf05d15ec2e2
commit b6742463694b1dfdd5120b91ee21cf05d15ec2e2
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (10 preceding siblings ...)
2024-04-25 13:47 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 13:52 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:53 ` sam at gentoo dot org
` (5 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #10 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7a5864cac60e06000394128a5a2817b03542f5a3
commit 7a5864cac60e06000394128a5a2817b03542f5a3
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (11 preceding siblings ...)
2024-04-25 13:52 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 13:53 ` sam at gentoo dot org
2024-04-25 13:55 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: sam at gentoo dot org @ 2024-04-25 13:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (12 preceding siblings ...)
2024-04-25 13:53 ` sam at gentoo dot org
@ 2024-04-25 13:55 ` cvs-commit at gcc dot gnu.org
2024-04-25 14:10 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 13:55 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #11 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=86f1d5f4129c373ac6fb6df5bcf38273838843cb
commit 86f1d5f4129c373ac6fb6df5bcf38273838843cb
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (13 preceding siblings ...)
2024-04-25 13:55 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 14:10 ` cvs-commit at gcc dot gnu.org
2024-04-25 14:12 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 14:10 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #12 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.33/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d27d4b9a188786fc6a56745506cec2acfc51f83
commit 4d27d4b9a188786fc6a56745506cec2acfc51f83
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (14 preceding siblings ...)
2024-04-25 14:10 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 14:12 ` cvs-commit at gcc dot gnu.org
2024-04-25 14:13 ` cvs-commit at gcc dot gnu.org
2024-04-25 21:00 ` carnil at debian dot org
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 14:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #13 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.32/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ed195a8ec89da281e3c4bf887a13d281b72d8f4
commit 3ed195a8ec89da281e3c4bf887a13d281b72d8f4
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (15 preceding siblings ...)
2024-04-25 14:12 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 14:13 ` cvs-commit at gcc dot gnu.org
2024-04-25 21:00 ` carnil at debian dot org
17 siblings, 0 replies; 19+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-25 14:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
--- Comment #14 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.31/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bbf5a58ccb55679217f94de706164d15372fbbc0
commit bbf5a58ccb55679217f94de706164d15372fbbc0
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:01:07 2024 +0200
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in
addgetnetgrentX (bug 31680)
This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).
Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.
Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [Bug nscd/31679] nscd: netgroup cache may terminate daemon on memory allocation failure
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
` (16 preceding siblings ...)
2024-04-25 14:13 ` cvs-commit at gcc dot gnu.org
@ 2024-04-25 21:00 ` carnil at debian dot org
17 siblings, 0 replies; 19+ messages in thread
From: carnil at debian dot org @ 2024-04-25 21:00 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carnil at debian dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2024-04-25 21:00 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-24 8:32 [Bug nscd/31679] New: nscd: netgroup cache may terminate daemon on memory allocation failure fweimer at redhat dot com
2024-04-24 8:32 ` [Bug nscd/31679] " fweimer at redhat dot com
2024-04-24 20:25 ` carlos at redhat dot com
2024-04-24 20:29 ` carlos at redhat dot com
2024-04-24 20:36 ` carlos at redhat dot com
2024-04-24 20:44 ` fweimer at redhat dot com
2024-04-25 13:32 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:35 ` fweimer at redhat dot com
2024-04-25 13:39 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:40 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:42 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:47 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:52 ` cvs-commit at gcc dot gnu.org
2024-04-25 13:53 ` sam at gentoo dot org
2024-04-25 13:55 ` cvs-commit at gcc dot gnu.org
2024-04-25 14:10 ` cvs-commit at gcc dot gnu.org
2024-04-25 14:12 ` cvs-commit at gcc dot gnu.org
2024-04-25 14:13 ` cvs-commit at gcc dot gnu.org
2024-04-25 21:00 ` carnil at debian dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).