This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.18-822-gaf37a8a


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  af37a8a3496327a6e5617a2c76f17aa1e8db835e (commit)
      from  0c00f062dd97e4ebb3244147fc5af962aba53c7e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=af37a8a3496327a6e5617a2c76f17aa1e8db835e

commit af37a8a3496327a6e5617a2c76f17aa1e8db835e
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Jan 27 11:32:44 2014 +0530

    Avoid undefined behaviour in netgroupcache
    
    Using a buffer after it has been reallocated is undefined behaviour,
    so get offsets of the triplets in the old buffer before reallocating
    it.

diff --git a/ChangeLog b/ChangeLog
index 1a23eba..a1f549e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-01-27  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	* nscd/netgroupcache.c (addgetnetgrentX): Compute offset from
+	the old buffer before realloc.
+
 2014-01-27  Allan McRae  <allan@archlinux.org>
 
 	* po/fr.po: Update French translation from translation project.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 924567c..be01fe8 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 				if (buflen - req->key_len - bufused < needed)
 				  {
 				    buflen += MAX (buflen, 2 * needed);
+				    /* Save offset in the old buffer.  We don't
+				       bother with the NULL check here since
+				       we'll do that later anyway.  */
+				    size_t nhostdiff = nhost - buffer;
+				    size_t nuserdiff = nuser - buffer;
+				    size_t ndomaindiff = ndomain - buffer;
+
 				    char *newbuf = xrealloc (buffer, buflen);
-				    /* Adjust the pointers in the new
+				    /* Fix up the triplet pointers into the new
 				       buffer.  */
-				    nhost = (nhost ? newbuf + (nhost - buffer)
+				    nhost = (nhost ? newbuf + nhostdiff
 					     : NULL);
-				    nuser = (nuser ? newbuf + (nuser - buffer)
+				    nuser = (nuser ? newbuf + nuserdiff
 					     : NULL);
-				    ndomain = (ndomain
-					       ? newbuf + (ndomain - buffer)
+				    ndomain = (ndomain ? newbuf + ndomaindiff
 					       : NULL);
 				    buffer = newbuf;
 				  }
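
Review bot: The three new offset computations before `xrealloc` run unconditionally, so when `nhost`, `nuser` or `ndomain` is NULL the expression `nhost - buffer` subtracts pointers that do not point into the same array object, which is itself undefined behaviour in C. The added comment ("We don't bother with the NULL check here since we'll do that later anyway") treats the later `nhost ? ... : NULL` test as sufficient, but that test only discards the result and does not make the subtraction defined. Since the stated purpose of the change is to avoid undefined behaviour, guard each subtraction, for example `size_t nhostdiff = nhost ? nhost - buffer : 0;`, and likewise for `nuserdiff` and `ndomaindiff`. The existing ternaries after the realloc can then stay as they are.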

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |    5 +++++
 nscd/netgroupcache.c |   16 +++++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

