This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.



[Bug nis/962] traditional netgroup logins impossible


------- Additional Comments From dvandeun at wilma dot vub dot ac dot be  2005-07-04 10:10 -------
Subject: Re:  traditional netgroup logins impossible

> I'm not able to reproduce it. And since it does not happen if nscd is 
> running, it looks as if your application is corrupting the memory. 

But both variables in the failing check

  assert (malloc_usable_size (netgrp->data) >= len + 1);

are set a few lines higher by

  yp_match (domain, "netgroup", group, strlen (group),
                                &netgrp->data, &len)

and yp_match builds up the contents of these variables:

  yp_match (const char *indomain, const char *inmap, const char *inkey,
            const int inkeylen, char **outval, int *outvallen)
  {
    (...deleted the branches that do not return SUCCESS...)
  
    *outvallen = resp.val.valdat_len;               <----------
    *outval = malloc (*outvallen + 1);              <----------
    if (__builtin_expect (*outval == NULL, 0))
      return YPERR_RESRC;
    memcpy (*outval, resp.val.valdat_val, *outvallen);
    (*outval)[*outvallen] = '\0';
  
    xdr_free ((xdrproc_t) xdr_ypresp_val, (char *) &resp);
  
    return YPERR_SUCCESS;
  }

So the relevant malloc is done inside glibc, and the length of *outval
(i.e. netgrp->data) should be at least *outvallen (i.e. len) + 1.

So it looks very much as if the malloc_usable_size is the only thing
left that could go wrong in:

  assert (malloc_usable_size (netgrp->data) >= len + 1);

Interestingly, this is the *only* place in the whole of glibc where
malloc_usable_size is used.

Dirk van Deun
--
Licensed to (kill -9)


-- 


http://sources.redhat.com/bugzilla/show_bug.cgi?id=962

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
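
Added example (not part of the original message and not glibc source): a stand-alone C harness that mirrors the success path of yp_match quoted above and evaluates the asserted condition over a range of lengths, so that malloc_usable_size can be checked in isolation from the NIS code. The names copy_value and invariant_holds are hypothetical, and the lengths are constructed sample values.

```c
/* Added example, not glibc source: isolates the condition from the assert. */
#include <malloc.h>   /* malloc_usable_size (glibc extension) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the success path of yp_match quoted above:
   allocate vallen + 1 bytes, copy the value, NUL-terminate it. */
static int copy_value(const char *val, int vallen, char **outval, int *outvallen)
{
    if (vallen < 0)
        return -1;
    *outvallen = vallen;
    *outval = malloc((size_t) vallen + 1);
    if (*outval == NULL)
        return -1;
    memcpy(*outval, val, (size_t) vallen);
    (*outval)[vallen] = '\0';
    return 0;
}

/* Returns 1 if the condition from the failing assert holds for a value
   of length vallen, 0 if it does not, -1 if the buffers cannot be set up. */
static int invariant_holds(int vallen)
{
    char *src = calloc((size_t) vallen + 1, 1);   /* constructed input */
    char *data = NULL;
    int len = 0, ok;
    if (src == NULL) return -1;
    if (copy_value(src, vallen, &data, &len) != 0) { free(src); return -1; }
    ok = malloc_usable_size(data) >= (size_t) len + 1;
    free(data); free(src);
    return ok;
}

int main(void)
{
    /* Constructed lengths around small-chunk and large-allocation sizes. */
    static const int sizes[] = { 0, 1, 23, 24, 25, 1023, 4096, 131072, 1 << 20 };
    int bad = 0;
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int r = invariant_holds(sizes[i]);
        printf("len=%d usable>=len+1: %s\n", sizes[i], r == 1 ? "yes" : "NO");
        bad += (r != 1);
    }
    return bad ? EXIT_FAILURE : EXIT_SUCCESS;
}
```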

