This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch release/2.25/master updated. glibc-2.25-56-g864ea5f
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 7 Oct 2017 11:48:55 -0000
- Subject: GNU C Library master sources branch release/2.25/master updated. glibc-2.25-56-g864ea5f
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.25/master has been updated
via 864ea5f6579edfee41f7d4a778807045b5aff66b (commit)
via 0279dcae8825f5835d636a68372f6b4e72eb27f3 (commit)
from ac93084c086ff06f815c405c9eb36a2b1f02da6a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=864ea5f6579edfee41f7d4a778807045b5aff66b
commit 864ea5f6579edfee41f7d4a778807045b5aff66b
Author: DJ Delorie <dj@delorie.com>
Date: Sat Oct 7 13:28:16 2017 +0200
Fix cast-after-dereference
Original code was dereferencing a char*, then casting the value
to size_t. Should cast the pointer to size_t* then deference.
(cherry picked from commit f8cef4d07d9641e27629bd3ce2d13f5d702fb251)
diff --git a/ChangeLog b/ChangeLog
index f4e2c5d..f7cdb10 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-19 DJ Delorie <dj@delorie.com>
+
+ [BZ #21654]
+ * grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
+
2017-07-14 DJ Delorie <dj@redhat.com>
[BZ #21654]
diff --git a/NEWS b/NEWS
index f705771..11b82d2 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,7 @@ The following bugs are resolved with this release:
[21298] rwlock can deadlock on frequent reader/writer phase switching
[21386] Assertion in fork for distinct parent PID is incorrect
[21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ [21654] nss: Fix invalid cast in group merging
[21778] Robust mutex may deadlock
[21972] assert macro requires operator== (int) for its argument type
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 6590e5d..035e7a6 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -137,7 +137,7 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
/* Get the count of group members from the last sizeof (size_t) bytes in the
mergegrp buffer. */
- savedmemcount = (size_t) *(savedend - sizeof (size_t));
+ savedmemcount = *(size_t *) (savedend - sizeof (size_t));
/* Get the count of new members to add. */
for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0279dcae8825f5835d636a68372f6b4e72eb27f3
commit 0279dcae8825f5835d636a68372f6b4e72eb27f3
Author: DJ Delorie <dj@delorie.com>
Date: Fri Jul 14 21:46:42 2017 -0400
Fix BZ #21654 - grp-merge.c alignment
* grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
alignment not char alignment.
(__merge_grp): Likewise.
(cherry picked from commit 4fa8ae49aa169fb8d97882938e8bee3ed9ce5410)
diff --git a/ChangeLog b/ChangeLog
index 53e80f8..f4e2c5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-07-14 DJ Delorie <dj@redhat.com>
+
+ [BZ #21654]
+ * grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
+ alignment not char alignment.
+ (__merge_grp): Likewise.
+
2017-08-22 Joseph Myers <joseph@codesourcery.com>
[BZ #21987]
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 77c494d..6590e5d 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -85,6 +85,14 @@ __copy_grp (const struct group srcgrp, const size_t buflen,
}
members[i] = NULL;
+ /* Align for pointers. We can't simply align C because we need to
+ align destbuf[c]. */
+ if ((((uintptr_t)destbuf + c) & (__alignof__(char **) - 1)) != 0)
+ {
+ uintptr_t mis_align = ((uintptr_t)destbuf + c) & (__alignof__(char **) - 1);
+ c += __alignof__(char **) - mis_align;
+ }
+
/* Copy the pointers from the members array into the buffer and assign them
to the gr_mem member of destgrp. */
destgrp->gr_mem = (char **) &destbuf[c];
@@ -168,6 +176,14 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
/* Add the NULL-terminator. */
members[savedmemcount + memcount] = NULL;
+ /* Align for pointers. We can't simply align C because we need to
+ align savedbuf[c]. */
+ if ((((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1)) != 0)
+ {
+ uintptr_t mis_align = ((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1);
+ c += __alignof__(char **) - mis_align;
+ }
+
/* Copy the member array back into the buffer after the member list and free
the member array. */
savedgrp->gr_mem = (char **) &savedbuf[c];
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 12 ++++++++++++
NEWS | 1 +
grp/grp-merge.c | 18 +++++++++++++++++-
3 files changed, 30 insertions(+), 1 deletions(-)
hooks/post-receive
--
GNU C Library master sources