dgit.raspbian.org Git - glibc.git/commit

author	GNU Libc Maintainers <debian-glibc@lists.debian.org>
	Tue, 30 Apr 2024 21:07:28 +0000 (23:07 +0200)
committer	Aurelien Jarno <aurel32@debian.org>
	Tue, 30 Apr 2024 21:07:28 +0000 (23:07 +0200)
commit	3d3fa786a4f01618f5446081301b4a6f7b8a492c
tree	fa529072d0457dbfb890dda8a753f7a61747de00	tree \| snapshot
parent	81c41043e8f3bb318ec8372123f2ed7adc7ef599	commit \| diff

local-CVE-2024-33600-nscd

commit c34f470a615b136170abd16142da5dd0c024f7d1
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)

    If we failed to add a not-found response to the cache, the dataset
    point can be null, resulting in a null pointer dereference.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)

commit f205b3af56740e3b014915b1bd3b162afe3407ef
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)

    The addgetnetgrentX call in addinnetgrX may have failed to produce
    a result, so the result variable in addinnetgrX can be NULL.
    Use db->negtimeout as the fallback value if there is no result data;
    the timeout is also overwritten below.

    Also avoid sending a second not-found response.  (The client
    disconnects after receiving the first response, so the data stream did
    not go out of sync even without this fix.)  It is still beneficial to
    add the negative response to the mapping, so that the client can get
    it from there in the future, instead of going through the socket.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2)

Gbp-Pq: Topic any
Gbp-Pq: Name local-CVE-2024-33600-nscd.diff