This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch release/2.25/master updated. glibc-2.25-56-g864ea5f

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 7 Oct 2017 11:48:55 -0000
Subject: GNU C Library master sources branch release/2.25/master updated. glibc-2.25-56-g864ea5f

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.25/master has been updated
       via  864ea5f6579edfee41f7d4a778807045b5aff66b (commit)
       via  0279dcae8825f5835d636a68372f6b4e72eb27f3 (commit)
      from  ac93084c086ff06f815c405c9eb36a2b1f02da6a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=864ea5f6579edfee41f7d4a778807045b5aff66b

commit 864ea5f6579edfee41f7d4a778807045b5aff66b
Author: DJ Delorie <dj@delorie.com>
Date:   Sat Oct 7 13:28:16 2017 +0200

    Fix cast-after-dereference
    
    Original code was dereferencing a char*, then casting the value
    to size_t.  Should cast the pointer to size_t* then deference.
    
    (cherry picked from commit f8cef4d07d9641e27629bd3ce2d13f5d702fb251)

diff --git a/ChangeLog b/ChangeLog
index f4e2c5d..f7cdb10 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-19  DJ Delorie  <dj@delorie.com>
+
+	[BZ #21654]
+	* grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
+
 2017-07-14  DJ Delorie  <dj@redhat.com>
 
 	[BZ #21654]
diff --git a/NEWS b/NEWS
index f705771..11b82d2 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,7 @@ The following bugs are resolved with this release:
   [21298] rwlock can deadlock on frequent reader/writer phase switching
   [21386] Assertion in fork for distinct parent PID is incorrect
   [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+  [21654] nss: Fix invalid cast in group merging
   [21778] Robust mutex may deadlock
   [21972] assert macro requires operator== (int) for its argument type
 
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 6590e5d..035e7a6 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -137,7 +137,7 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
 
   /* Get the count of group members from the last sizeof (size_t) bytes in the
      mergegrp buffer.  */
-  savedmemcount = (size_t) *(savedend - sizeof (size_t));
+  savedmemcount = *(size_t *) (savedend - sizeof (size_t));
 
   /* Get the count of new members to add.  */
   for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0279dcae8825f5835d636a68372f6b4e72eb27f3

commit 0279dcae8825f5835d636a68372f6b4e72eb27f3
Author: DJ Delorie <dj@delorie.com>
Date:   Fri Jul 14 21:46:42 2017 -0400

    Fix BZ #21654 - grp-merge.c alignment
    
    * grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
    alignment not char alignment.
    (__merge_grp): Likewise.
    
    (cherry picked from commit 4fa8ae49aa169fb8d97882938e8bee3ed9ce5410)

diff --git a/ChangeLog b/ChangeLog
index 53e80f8..f4e2c5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-07-14  DJ Delorie  <dj@redhat.com>
+
+	[BZ #21654]
+	* grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
+	alignment not char alignment.
+	(__merge_grp): Likewise.
+
 2017-08-22  Joseph Myers  <joseph@codesourcery.com>
 
 	[BZ #21987]
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 77c494d..6590e5d 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -85,6 +85,14 @@ __copy_grp (const struct group srcgrp, const size_t buflen,
     }
   members[i] = NULL;
 
+  /* Align for pointers.  We can't simply align C because we need to
+     align destbuf[c].  */
+  if ((((uintptr_t)destbuf + c) & (__alignof__(char **) - 1)) != 0)
+    {
+      uintptr_t mis_align = ((uintptr_t)destbuf + c) & (__alignof__(char **) - 1);
+      c += __alignof__(char **) - mis_align;
+    }
+
   /* Copy the pointers from the members array into the buffer and assign them
      to the gr_mem member of destgrp.  */
   destgrp->gr_mem = (char **) &destbuf[c];
@@ -168,6 +176,14 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
   /* Add the NULL-terminator.  */
   members[savedmemcount + memcount] = NULL;
 
+  /* Align for pointers.  We can't simply align C because we need to
+     align savedbuf[c].  */
+  if ((((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1)) != 0)
+    {
+      uintptr_t mis_align = ((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1);
+      c += __alignof__(char **) - mis_align;
+    }
+
   /* Copy the member array back into the buffer after the member list and free
      the member array.  */
   savedgrp->gr_mem = (char **) &savedbuf[c];

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |   12 ++++++++++++
 NEWS            |    1 +
 grp/grp-merge.c |   18 +++++++++++++++++-
 3 files changed, 30 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]