wok-current annotate glibc/stuff/CVE-2024-33599.patch @ rev 25728
Merge wok for both arch and few updates
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Thu Dec 05 08:39:45 2024 +0000 (5 weeks ago) |
parents | |
children |
rev | line source |
---|---|
shann@25728 | 1 From 5c75001a96abcd50cbdb74df24c3f013188d076e Mon Sep 17 00:00:00 2001 |
shann@25728 | 2 From: Florian Weimer <fweimer@redhat.com> |
shann@25728 | 3 Date: Thu, 25 Apr 2024 15:00:45 +0200 |
shann@25728 | 4 Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup |
shann@25728 | 5 cache (bug 31677) |
shann@25728 | 6 |
shann@25728 | 7 Using alloca matches what other caches do. The request length is |
shann@25728 | 8 bounded by MAXKEYLEN. |
shann@25728 | 9 |
shann@25728 | 10 Reviewed-by: Carlos O'Donell <carlos@redhat.com> |
shann@25728 | 11 (cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa) |
shann@25728 | 12 --- |
shann@25728 | 13 nscd/netgroupcache.c | 5 +++-- |
shann@25728 | 14 1 file changed, 3 insertions(+), 2 deletions(-) |
shann@25728 | 15 |
shann@25728 | 16 diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c |
shann@25728 | 17 index ad2daddafdc..8835547acfa 100644 |
shann@25728 | 18 --- a/nscd/netgroupcache.c |
shann@25728 | 19 +++ b/nscd/netgroupcache.c |
shann@25728 | 20 @@ -503,12 +503,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, |
shann@25728 | 21 = (struct indataset *) mempool_alloc (db, |
shann@25728 | 22 sizeof (*dataset) + req->key_len, |
shann@25728 | 23 1); |
shann@25728 | 24 - struct indataset dataset_mem; |
shann@25728 | 25 bool cacheable = true; |
shann@25728 | 26 if (__glibc_unlikely (dataset == NULL)) |
shann@25728 | 27 { |
shann@25728 | 28 cacheable = false; |
shann@25728 | 29 - dataset = &dataset_mem; |
shann@25728 | 30 + /* The alloca is safe because nscd_run_worker verfies that |
shann@25728 | 31 + key_len is not larger than MAXKEYLEN. */ |
shann@25728 | 32 + dataset = alloca (sizeof (*dataset) + req->key_len); |
shann@25728 | 33 } |
shann@25728 | 34 |
shann@25728 | 35 datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len, |