This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Re: [PATCH] gshadow: Handle the parser's full buffer error code
- From: David Michael <fedora dot dm0 at gmail dot com>
- To: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org
- Date: Fri, 8 Jul 2016 07:51:55 -0700
- Subject: Re: Re: [PATCH] gshadow: Handle the parser's full buffer error code
On Fri, Jul 8, 2016 at 5:02 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 06/25/2016 02:27 AM, David Michael wrote:
>
>> * gshadow/fgetsgent_r.c (__fgetsgent_r): Return ERANGE when the
>> parse_line function returns its out-of-space error.
>
>
>> The fgetsgent function isn't handling errors from parse_line. That
>> means it can run out of buffer space when adding pointers to group
>> members and exit early without setting all members of the static result
>> struct. The static result's members will remain pointing at buffer
>> locations from the previous line, which have been overwritten with
>> incompatible data, causing segfaults after it is returned normally.
>
>
> This needs a bug in Bugzilla.

I have filed bug #20338.[0]

> Do you have a copyright assignment covering glibc on file with the FSF?

I don't personally, but the copyright holder of this change (if it is
considered legally significant) should be CoreOS, Inc. I would
imagine they've contributed before, but if not, I can try to find
someone to sign off on it later today.

Thanks.

David

[0] https://sourceware.org/bugzilla/show_bug.cgi?id=20338
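
The failure mode described in the quoted commit message, as an added C model that is not part of the original message and is not glibc's code. The record type, the function names, the parser's return codes (1, 0, -1), the ENOENT mapping and the sample lines are all assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical stand-in for the static result struct; not glibc's struct sgrp. */
struct rec { char *name; char **members; };

/* Model parser (return codes assumed): 1 parsed, 0 malformed, -1 out of slots.
   On -1 it has set out->name but has not updated out->members. */
int model_parse_line(char *line, struct rec *out, char **slots, size_t nslots)
{
    char *p = strchr(line, ':');
    size_t n = 0;
    if (p == NULL)
        return 0;
    *p++ = '\0';
    out->name = line;
    while (p != NULL && *p != '\0') {
        if (n + 1 >= nslots)
            return -1;              /* no room for member plus NULL terminator */
        slots[n++] = p;
        if ((p = strchr(p, ',')) != NULL)
            *p++ = '\0';
    }
    if (n >= nslots)
        return -1;
    slots[n] = NULL;
    out->members = slots;
    return 1;
}

/* check_range == 0 models the report: -1 is nonzero, so it passes as success. */
int read_rec(char *line, struct rec *out, char **slots, size_t nslots,
             struct rec **result, int check_range)
{
    int r = model_parse_line(line, out, slots, nslots);
    *result = (r == 1 || (r == -1 && !check_range)) ? out : NULL;
    return *result != NULL ? 0 : (r == 0 ? ENOENT : ERANGE);
}

/* Constructed input: a line that fits, then one with too many members. */
int second_call(int check_range)
{
    struct rec res = { 0 }, *result = NULL;
    char *slots[3] = { 0 };
    char a[] = "wheel:root", b[] = "staff:alice,bob,carol";
    read_rec(a, &res, slots, 3, &result, check_range);
    return read_rec(b, &res, slots, 3, &result, check_range);
}

int main(void) { return second_call(1) == ERANGE ? 0 : 1; }
```

In the unchecked mode the second call returns 0 while the member array holds the new line's first two entries with the earlier NULL terminator overwritten, so a caller walking the list would run past the array; the checked mode gives the caller ERANGE and a chance to retry with a larger buffer.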