This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Sun, 20 Dec 2015 17:56:33 +0000
Subject: [Bug nscd/16760] Overlapping source and destination in calls to stpcpy from nscd
Auto-submitted: auto-generated
References: <bug-16760-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=16760

--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.19/master has been updated
       via  b963026c07a304bcfcf56ad5ee9b4f0797c7d3df (commit)
       via  56b2cf5633f90c722b8f4ed257311b23ebed7399 (commit)
       via  2f3bd411aefa9747f17740e9ab06676d51241098 (commit)
      from  60f10f2326aa47c7f49b752c1730e084b2319aa7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b963026c07a304bcfcf56ad5ee9b4f0797c7d3df

commit b963026c07a304bcfcf56ad5ee9b4f0797c7d3df
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 27 19:48:15 2014 +0530

    Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)

    Calls to stpcpy from nscd netgroups code will have overlapping source
    and destination when all three values in the returned triplet are
    non-NULL and in the expected (host,user,domain) order.  This is seen
    in valgrind as:

    ==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48)
    ==3181==    at 0x4C2F30A: stpcpy (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==3181==    by 0x12567A: addgetnetgrentX (string3.h:111)
    ==3181==    by 0x12722D: addgetnetgrent (netgroupcache.c:665)
    ==3181==    by 0x11114C: nscd_run_worker (connections.c:1338)
    ==3181==    by 0x4E3C102: start_thread (pthread_create.c:309)
    ==3181==    by 0x59B81AC: clone (clone.S:111)
    ==3181==

    Fix this by using memmove instead of stpcpy.

    (cherry picked from commit ea7d8b95e2fcb81f68b04ed7787a3dbda023991a)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=56b2cf5633f90c722b8f4ed257311b23ebed7399

commit 56b2cf5633f90c722b8f4ed257311b23ebed7399
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 27 19:49:51 2014 +0530

    Return NULL for wildcard values in getnetgrent from nscd (BZ #16759)

    getnetgrent is supposed to return NULL for values that are wildcards
    in the (host, user, domain) triplet.  This works correctly with nscd
    disabled, but with it enabled, it returns a blank ("") instead of a
    NULL.  This is easily seen with the output of `getent netgroup foonet`
    for a netgroup foonet defined as follows in /etc/netgroup:

        foonet (,foo,)

    The output with nscd disabled is:

        foonet ( ,foo,)

    while with nscd enabled, it is:

        foonet (,foo,)

    The extra space with nscd disabled is due to the fact that `getent
    netgroup` adds it if the return value from getnetgrent is NULL for
    either host or user.

    (cherry picked from commit dd3022d75e6fb8957843d6d84257a5d8457822d5)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2f3bd411aefa9747f17740e9ab06676d51241098

commit 2f3bd411aefa9747f17740e9ab06676d51241098
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 27 07:15:22 2014 +0530

    Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)

    nscd works correctly when the request in innetgr is a wildcard,
    i.e. when one or more of host, user or domain parameters is NULL.
    However, it does not work when the the triplet in the netgroup
    definition has a wildcard.  This is easy to reproduce for a triplet
    defined as follows:

        foonet (,foo,)

    Here, an innetgr call that looks like this:

        innetgr ("foonet", "foohost", "foo", NULL);

    should succeed and so should:

        innetgr ("foonet", NULL, "foo", "foodomain");

    It does succeed with nscd disabled, but not with nscd enabled.  This
    fix adds this additional check for all three parts of the triplet so
    that it gives the correct result.

        [BZ #16758]
        * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
        blank values.

    (cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |   14 ++++++++++++++
 NEWS                 |    7 ++++---
 inet/getnetgrent_r.c |   14 +++++++++++---
 nscd/netgroupcache.c |   26 +++++++++++++++++---------
 4 files changed, 46 insertions(+), 15 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]