This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: libc-alpha at sourceware dot org, Andreas Schwab <schwab at suse dot de>
- Date: Wed, 29 Apr 2015 15:18:06 +0200
- Subject: Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- Authentication-results: sourceware.org; auth=none
- References: <54EB120A dot 1010202 at redhat dot com> <5506F010 dot 1090608 at redhat dot com> <20150325054735 dot GC5023 at spoyarek dot pnq dot redhat dot com> <551C30C6 dot 1050909 at redhat dot com>
On 04/01/2015 07:54 PM, Florian Weimer wrote:
> On 03/25/2015 06:47 AM, Siddhesh Poyarekar wrote:
>> On Mon, Mar 16, 2015 at 04:00:32PM +0100, Florian Weimer wrote:
>>> On 02/23/2015 12:42 PM, Florian Weimer wrote:
>>>> Robin Hack discovered that Samba would enter an infinite loop
>>>> when processing quota-related requests. It turns out this is a
>>>> bug in the nss_files database. Performing a lookup in the
>>>> middle of an iteration (say, getwuid between getpwent)
>>>> effectively resets the file pointer, so that the iteration
>>>> starts again from the beginning.
>>>>
>>>> Tested on x86_64-redhat-linux-gnu. Okay to commit?
>>>
>>> Ping?
>>>
>>> Can we at least fix the most common instance of this bug?
>>
>> I agree. Patch looks good to me.
>
> Should I commit this in the interim, until we can get Andreas' more
> comprehensive patch reviewed?
I have committed this now. After all, even with Andreas' patch, the
test case is still relevant.
--
Florian Weimer / Red Hat Product Security