This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 23 Feb 2015 14:00:52 +0100
- Subject: Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- Authentication-results: sourceware.org; auth=none
- References: <54EB120A dot 1010202 at redhat dot com> <mvm7fv8hm71 dot fsf at hawking dot suse dot de> <54EB16F2 dot 6030900 at redhat dot com> <mvm385whjlk dot fsf at hawking dot suse dot de>
On 02/23/2015 01:56 PM, Andreas Schwab wrote:
> Florian Weimer <fweimer@redhat.com> writes:
>
>> On 02/23/2015 01:00 PM, Andreas Schwab wrote:
>>> Florian Weimer <fweimer@redhat.com> writes:
>>>
>>>> Robin Hack discovered that Samba would enter an infinite loop when
>>>> processing quota-related requests. It turns out this is a bug in the
>>>> nss_files database. Performing a lookup in the middle of an iteration
>>>> (say, getwuid between getpwent) effectively resets the file pointer, so
>>>> that the iteration starts again from the beginning.
>>>>
>>>> Tested on x86_64-redhat-linux-gnu. Okay to commit?
>>>
>>> That doesn't fix the bug. It still fails with a nis config.
>>
>> Ugh, could you please elaborate?
>
> $ grep ^passwd /etc/nsswitch.conf
> passwd: compat
Are you trying to say that the code in nis/nss_compat/*.c has similar bugs?
--
Florian Weimer / Red Hat Product Security