This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch release/2.24/master updated. glibc-2.24-68-gb70f43d

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 7 Oct 2017 12:00:59 -0000
Subject: GNU C Library master sources branch release/2.24/master updated. glibc-2.24-68-gb70f43d

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.24/master has been updated
       via  b70f43dcef0ca638d2d550ead8007f7c9bb7e4bb (commit)
       via  caa97d7a46db35a5ddb7bc53e56a866bc180c3b0 (commit)
      from  d5a4092c367955ac0203ee603fdec625f6c924f9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b70f43dcef0ca638d2d550ead8007f7c9bb7e4bb

commit b70f43dcef0ca638d2d550ead8007f7c9bb7e4bb
Author: DJ Delorie <dj@delorie.com>
Date:   Sat Oct 7 13:32:00 2017 +0200

    Fix cast-after-dereference
    
    Original code was dereferencing a char*, then casting the value
    to size_t.  Should cast the pointer to size_t* then deference.
    
    (cherry picked from commit f8cef4d07d9641e27629bd3ce2d13f5d702fb251)

diff --git a/ChangeLog b/ChangeLog
index fe5103f..80cb667 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-19  DJ Delorie  <dj@delorie.com>
+
+	[BZ #21654]
+	* grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
+
 2017-07-14  DJ Delorie  <dj@redhat.com>
 
 	[BZ #21654]
diff --git a/NEWS b/NEWS
index f60077b..f039101 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,7 @@ The following bugs are resolved with this release:
   [21386] Assertion in fork for distinct parent PID is incorrect
   [21609] x86-64: Align the stack in __tls_get_addr
   [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+  [21654] nss: Fix invalid cast in group merging
 
 Version 2.24
 
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 50573b8..5f79755 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -137,7 +137,7 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
 
   /* Get the count of group members from the last sizeof (size_t) bytes in the
      mergegrp buffer.  */
-  savedmemcount = (size_t) *(savedend - sizeof (size_t));
+  savedmemcount = *(size_t *) (savedend - sizeof (size_t));
 
   /* Get the count of new members to add.  */
   for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=caa97d7a46db35a5ddb7bc53e56a866bc180c3b0

commit caa97d7a46db35a5ddb7bc53e56a866bc180c3b0
Author: DJ Delorie <dj@delorie.com>
Date:   Fri Jul 14 21:46:42 2017 -0400

    Fix BZ #21654 - grp-merge.c alignment
    
    * grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
    alignment not char alignment.
    (__merge_grp): Likewise.
    
    (cherry picked from commit 4fa8ae49aa169fb8d97882938e8bee3ed9ce5410)

diff --git a/ChangeLog b/ChangeLog
index ecc0da0..fe5103f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-07-14  DJ Delorie  <dj@redhat.com>
+
+	[BZ #21654]
+	* grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
+	alignment not char alignment.
+	(__merge_grp): Likewise.
+
 2017-08-06  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #21871]
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 0a1eb38..50573b8 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -85,6 +85,14 @@ __copy_grp (const struct group srcgrp, const size_t buflen,
     }
   members[i] = NULL;
 
+  /* Align for pointers.  We can't simply align C because we need to
+     align destbuf[c].  */
+  if ((((uintptr_t)destbuf + c) & (__alignof__(char **) - 1)) != 0)
+    {
+      uintptr_t mis_align = ((uintptr_t)destbuf + c) & (__alignof__(char **) - 1);
+      c += __alignof__(char **) - mis_align;
+    }
+
   /* Copy the pointers from the members array into the buffer and assign them
      to the gr_mem member of destgrp.  */
   destgrp->gr_mem = (char **) &destbuf[c];
@@ -168,6 +176,14 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
   /* Add the NULL-terminator.  */
   members[savedmemcount + memcount] = NULL;
 
+  /* Align for pointers.  We can't simply align C because we need to
+     align savedbuf[c].  */
+  if ((((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1)) != 0)
+    {
+      uintptr_t mis_align = ((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1);
+      c += __alignof__(char **) - mis_align;
+    }
+
   /* Copy the member array back into the buffer after the member list and free
      the member array.  */
   savedgrp->gr_mem = (char **) &savedbuf[c];

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |   12 ++++++++++++
 NEWS            |    1 +
 grp/grp-merge.c |   18 +++++++++++++++++-
 3 files changed, 30 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]