* [PATCH] Fix a possible buffer overflow in crypt (in lowmem situation only), fix lowmem handling in chroot_canon
@ 2004-06-08 16:31 Jakub Jelinek
2004-06-10 2:16 ` Roland McGrath
0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2004-06-08 16:31 UTC (permalink / raw)
To: Ulrich Drepper, Roland McGrath; +Cc: Glibc hackers
Hi!
2004-06-08 Jakub Jelinek <jakub@redhat.com>
[BZ #199]
* crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc
succeeds. Reported by Miles Ohlrich <miles@cray.com>.
* elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc
fails. Avoid memory leak if realloc fails.
--- libc/crypt/md5-crypt.c.jj 2002-11-11 03:43:28.000000000 +0100
+++ libc/crypt/md5-crypt.c 2004-06-08 17:47:10.132492169 +0200
@@ -1,6 +1,7 @@
/* One way encryption based on MD5 sum.
Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
- Copyright (C) 1996,1997,1999,2000,2001,2002 Free Software Foundation, Inc.
+ Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -250,15 +251,12 @@ __md5_crypt (const char *key, const char
if (buflen < needed)
{
- char *new_buffer;
-
- buflen = needed;
-
- new_buffer = (char *) realloc (buffer, buflen);
+ char *new_buffer = (char *) realloc (buffer, needed);
if (new_buffer == NULL)
return NULL;
buffer = new_buffer;
+ buflen = needed;
}
return __md5_crypt_r (key, salt, buffer, buflen);
--- libc/elf/chroot_canon.c.jj 2001-12-29 16:57:13.000000000 +0100
+++ libc/elf/chroot_canon.c 2004-06-08 18:05:45.556593648 +0200
@@ -1,5 +1,6 @@
/* Return the canonical absolute name of a given file inside chroot.
- Copyright (C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc.
+ Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2004
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -59,6 +60,9 @@ chroot_canon (const char *chroot, const
}
rpath = malloc (chroot_len + PATH_MAX);
+ if (rpath == NULL)
+ return NULL;
+
rpath_limit = rpath + chroot_len + PATH_MAX;
rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1;
@@ -108,7 +112,7 @@ chroot_canon (const char *chroot, const
new_size += PATH_MAX;
new_rpath = (char *) realloc (rpath, new_size);
if (new_rpath == NULL)
- return NULL;
+ goto error;
rpath = new_rpath;
rpath_limit = rpath + new_size;
Jakub
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Fix a possible buffer overflow in crypt (in lowmem situation only), fix lowmem handling in chroot_canon
2004-06-08 16:31 [PATCH] Fix a possible buffer overflow in crypt (in lowmem situation only), fix lowmem handling in chroot_canon Jakub Jelinek
@ 2004-06-10 2:16 ` Roland McGrath
0 siblings, 0 replies; 2+ messages in thread
From: Roland McGrath @ 2004-06-10 2:16 UTC (permalink / raw)
To: Jakub Jelinek; +Cc: Ulrich Drepper, Glibc hackers
> Hi!
>
> 2004-06-08 Jakub Jelinek <jakub@redhat.com>
>
> [BZ #199]
> * crypt/md5-crypt.c (__md5_crypt): Only update buflen if realloc
> succeeds. Reported by Miles Ohlrich <miles@cray.com>.
>
> * elf/chroot_canon.c (chroot_canon): Avoid segfault if first malloc
> fails. Avoid memory leak if realloc fails.
I've put these in.
Thanks,
Roland
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-06-10 2:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-06-08 16:31 [PATCH] Fix a possible buffer overflow in crypt (in lowmem situation only), fix lowmem handling in chroot_canon Jakub Jelinek
2004-06-10 2:16 ` Roland McGrath
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).