aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-01-27 11:32:44 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-01-27 11:32:44 +0530
commitaf37a8a3496327a6e5617a2c76f17aa1e8db835e (patch)
tree20fcea9ef0d2c17620c801b4c990259565cce399
parent0c00f062dd97e4ebb3244147fc5af962aba53c7e (diff)
downloadglibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.zip
glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.gz
glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.bz2
Avoid undefined behaviour in netgroupcache
Using a buffer after it has been reallocated is undefined behaviour, so get offsets of the triplets in the old buffer before reallocating it.
-rw-r--r--ChangeLog5
-rw-r--r--nscd/netgroupcache.c16
2 files changed, 16 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 1a23eba..a1f549e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-01-27 Siddhesh Poyarekar <siddhesh@redhat.com>
+
+ * nscd/netgroupcache.c (addgetnetgrentX): Compute offset from
+ the old buffer before realloc.
+
2014-01-27 Allan McRae <allan@archlinux.org>
* po/fr.po: Update French translation from translation project.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 924567c..be01fe8 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
if (buflen - req->key_len - bufused < needed)
{
buflen += MAX (buflen, 2 * needed);
+ /* Save offset in the old buffer. We don't
+ bother with the NULL check here since
+ we'll do that later anyway. */
+ size_t nhostdiff = nhost - buffer;
+ size_t nuserdiff = nuser - buffer;
+ size_t ndomaindiff = ndomain - buffer;
+
char *newbuf = xrealloc (buffer, buflen);
- /* Adjust the pointers in the new
+ /* Fix up the triplet pointers into the new
buffer. */
- nhost = (nhost ? newbuf + (nhost - buffer)
+ nhost = (nhost ? newbuf + nhostdiff
: NULL);
- nuser = (nuser ? newbuf + (nuser - buffer)
+ nuser = (nuser ? newbuf + nuserdiff
: NULL);
- ndomain = (ndomain
- ? newbuf + (ndomain - buffer)
+ ndomain = (ndomain ? newbuf + ndomaindiff
: NULL);
buffer = newbuf;
}