This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]

From: Andreas Schwab <schwab at suse dot de>
To: Florian Weimer <fw at deneb dot enyo dot de>
Cc: libc-alpha at sourceware dot org
Date: Wed, 25 Mar 2015 13:43:32 +0100
Subject: Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
Authentication-results: sourceware.org; auth=none
References: <54EB120A dot 1010202 at redhat dot com> <5506F010 dot 1090608 at redhat dot com> <mvmlhil1n5g dot fsf at hawking dot suse dot de> <871tkdtg89 dot fsf at mid dot deneb dot enyo dot de>

Florian Weimer <fw@deneb.enyo.de> writes:

> Sorry, I don't see how this can be retrofitted on top of the existing
> NSS API.  It assumes that the NSS module keeps the iteration state in
> a per-module global variable.

That's the bug.

> The fix I proposed builds on Ulrich's original patch which attempted
> to separate the state for lookup and iteration, but failed to do so
> because of that incorrectly initialized variable.

There is no "incorrectly initialized variable".

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Follow-Ups:
- Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
  - From: Florian Weimer

References:
- Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
  - From: Florian Weimer
- Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
  - From: Andreas Schwab
- Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]