wok-current diff glibc/stuff/CVE-2024-33599.patch @ rev 25728
Merge wok for both arch and few updates
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Thu Dec 05 08:39:45 2024 +0000 (5 weeks ago) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/glibc/stuff/CVE-2024-33599.patch Thu Dec 05 08:39:45 2024 +0000 1.3 @@ -0,0 +1,35 @@ 1.4 +From 5c75001a96abcd50cbdb74df24c3f013188d076e Mon Sep 17 00:00:00 2001 1.5 +From: Florian Weimer <fweimer@redhat.com> 1.6 +Date: Thu, 25 Apr 2024 15:00:45 +0200 1.7 +Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup 1.8 + cache (bug 31677) 1.9 + 1.10 +Using alloca matches what other caches do. The request length is 1.11 +bounded by MAXKEYLEN. 1.12 + 1.13 +Reviewed-by: Carlos O'Donell <carlos@redhat.com> 1.14 +(cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa) 1.15 +--- 1.16 + nscd/netgroupcache.c | 5 +++-- 1.17 + 1 file changed, 3 insertions(+), 2 deletions(-) 1.18 + 1.19 +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c 1.20 +index ad2daddafdc..8835547acfa 100644 1.21 +--- a/nscd/netgroupcache.c 1.22 ++++ b/nscd/netgroupcache.c 1.23 +@@ -503,12 +503,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, 1.24 + = (struct indataset *) mempool_alloc (db, 1.25 + sizeof (*dataset) + req->key_len, 1.26 + 1); 1.27 +- struct indataset dataset_mem; 1.28 + bool cacheable = true; 1.29 + if (__glibc_unlikely (dataset == NULL)) 1.30 + { 1.31 + cacheable = false; 1.32 +- dataset = &dataset_mem; 1.33 ++ /* The alloca is safe because nscd_run_worker verfies that 1.34 ++ key_len is not larger than MAXKEYLEN. */ 1.35 ++ dataset = alloca (sizeof (*dataset) + req->key_len); 1.36 + } 1.37 + 1.38 + datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,