This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]


Florian Weimer <fweimer@redhat.com> writes:

> On 02/23/2015 01:56 PM, Andreas Schwab wrote:
>> Florian Weimer <fweimer@redhat.com> writes:
>> 
>>> On 02/23/2015 01:00 PM, Andreas Schwab wrote:
>>>> Florian Weimer <fweimer@redhat.com> writes:
>>>>
>>>>> Robin Hack discovered that Samba would enter an infinite loop when
>>>>> processing quota-related requests.  It turns out this is a bug in the
>>>>> nss_files database.  Performing a lookup in the middle of an iteration
>>>>> (say, getwuid between getpwent) effectively resets the file pointer, so
>>>>> that the iteration starts again from the beginning.
>>>>>
>>>>> Tested on x86_64-redhat-linux-gnu.  Okay to commit?
>>>>
>>>> That doesn't fix the bug.  It still fails with a nis config.
>>>
>>> Ugh, could you please elaborate?
>> 
>> $ grep ^passwd /etc/nsswitch.conf
>> passwd: compat
>
> Are you trying to say that the code in nis/nss_compat/*.c has similar bugs?

I don't know, I haven't been able to analyze it yet.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]