This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

From: Florian Weimer <fweimer at redhat dot com>
To: Carlos O'Donell <carlos at redhat dot com>, libc-alpha at sourceware dot org
Date: Tue, 28 Aug 2018 13:40:58 +0200
Subject: Re: [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
References: <20180814105402.C227D4056649D@oldenburg.str.redhat.com> <3bb434ac-8e7d-7170-32c8-086e68bc7ccd@redhat.com>

On 08/27/2018 09:03 PM, Carlos O'Donell wrote:

Thanks for this, I found the code and fix difficult to audit, a more detailed
explanation of the failure would have helped, particularly when they require
auditing allocation ownership. Just to give you an example this is what I would
like to see for these kinds of fixes.

I didn't want to post my analysis to prejudice yours, and wanted to seeif you came up with the same sequence of events in your review. I'm notsure if this is the right approach. How can we otherwise ensure that areview has some level of independence?


How far should we backport this fix?

Thanks,
Florian

Follow-Ups:
- Re: [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
  - From: Carlos O'Donell

References:
- [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
  - From: Florian Weimer
- Re: [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]