wok-current annotate glibc/stuff/CVE-2024-33599.patch @ rev 25728

Merge wok for both arch and few updates
author Stanislas Leduc <shann@slitaz.org>
date Thu Dec 05 08:39:45 2024 +0000 (5 weeks ago)
parents
children
rev   line source
shann@25728 1 From 5c75001a96abcd50cbdb74df24c3f013188d076e Mon Sep 17 00:00:00 2001
shann@25728 2 From: Florian Weimer <fweimer@redhat.com>
shann@25728 3 Date: Thu, 25 Apr 2024 15:00:45 +0200
shann@25728 4 Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup
shann@25728 5 cache (bug 31677)
shann@25728 6
shann@25728 7 Using alloca matches what other caches do. The request length is
shann@25728 8 bounded by MAXKEYLEN.
shann@25728 9
shann@25728 10 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
shann@25728 11 (cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa)
shann@25728 12 ---
shann@25728 13 nscd/netgroupcache.c | 5 +++--
shann@25728 14 1 file changed, 3 insertions(+), 2 deletions(-)
shann@25728 15
shann@25728 16 diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
shann@25728 17 index ad2daddafdc..8835547acfa 100644
shann@25728 18 --- a/nscd/netgroupcache.c
shann@25728 19 +++ b/nscd/netgroupcache.c
shann@25728 20 @@ -503,12 +503,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
shann@25728 21 = (struct indataset *) mempool_alloc (db,
shann@25728 22 sizeof (*dataset) + req->key_len,
shann@25728 23 1);
shann@25728 24 - struct indataset dataset_mem;
shann@25728 25 bool cacheable = true;
shann@25728 26 if (__glibc_unlikely (dataset == NULL))
shann@25728 27 {
shann@25728 28 cacheable = false;
shann@25728 29 - dataset = &dataset_mem;
shann@25728 30 + /* The alloca is safe because nscd_run_worker verfies that
shann@25728 31 + key_len is not larger than MAXKEYLEN. */
shann@25728 32 + dataset = alloca (sizeof (*dataset) + req->key_len);
shann@25728 33 }
shann@25728 34
shann@25728 35 datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,