projects / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ada953) | patch
local-CVE-2024-33601-33602-nscd
authorGNU Libc Maintainers <debian-glibc@lists.debian.org>
Tue, 30 Apr 2024 21:57:11 +0000 (23:57 +0200)
committerAurelien Jarno <aurel32@debian.org>
Tue, 30 Apr 2024 21:57:11 +0000 (23:57 +0200)
commitf56c665efc0d18829fd4cc675240caa4d98f7c6b
treefc1dd74a27ed22589a72ada38e87706b004b9370tree | snapshot
parent0ada9539a315524aad30b45f7323579db0b8f0d5commit | diff
local-CVE-2024-33601-33602-nscd

commit bbf5a58ccb55679217f94de706164d15372fbbc0
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)

    This avoids potential memory corruption when the underlying NSS
    callback function does not use the buffer space to store all strings
    (e.g., for constant strings).

    Instead of custom buffer management, two scratch buffers are used.
    This increases stack usage somewhat.

    Scratch buffer allocation failure is handled by return -1
    (an invalid timeout value) instead of terminating the process.
    This fixes bug 31679.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)

Gbp-Pq: Topic any
Gbp-Pq: Name local-CVE-2024-33601-33602-nscd.patch
nscd/netgroupcache.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.