wok-current view glibc/stuff/CVE-2024-33600-1.patch @ rev 25775
Patch glibc (CVE-2025-4802)
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Thu May 22 19:19:31 2025 +0000 (5 months ago) |
| parents | |
| children |
line source
1 From f20a8d696b13c6261b52a6434899121f8b19d5a7 Mon Sep 17 00:00:00 2001
2 From: Florian Weimer <fweimer@redhat.com>
3 Date: Thu, 25 Apr 2024 15:01:07 +0200
4 Subject: [PATCH] CVE-2024-33600: nscd: Do not send missing not-found response
5 in addgetnetgrentX (bug 31678)
7 If we failed to add a not-found response to the cache, the dataset
8 point can be null, resulting in a null pointer dereference.
10 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
11 (cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)
12 ---
13 nscd/netgroupcache.c | 14 ++++++--------
14 1 file changed, 6 insertions(+), 8 deletions(-)
16 diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
17 index 8835547acfa..f2e7d60b50e 100644
18 --- a/nscd/netgroupcache.c
19 +++ b/nscd/netgroupcache.c
20 @@ -148,7 +148,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
21 /* No such service. */
22 cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
23 &key_copy);
24 - goto writeout;
25 + goto maybe_cache_add;
26 }
28 memset (&data, '\0', sizeof (data));
29 @@ -349,7 +349,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
30 {
31 cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
32 &key_copy);
33 - goto writeout;
34 + goto maybe_cache_add;
35 }
37 total = buffilled;
38 @@ -411,14 +411,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
39 }
41 if (he == NULL && fd != -1)
42 - {
43 - /* We write the dataset before inserting it to the database
44 - since while inserting this thread might block and so would
45 - unnecessarily let the receiver wait. */
46 - writeout:
47 + /* We write the dataset before inserting it to the database since
48 + while inserting this thread might block and so would
49 + unnecessarily let the receiver wait. */
50 writeall (fd, &dataset->resp, dataset->head.recsize);
51 - }
53 + maybe_cache_add:
54 if (cacheable)
55 {
56 /* If necessary, we also propagate the data to disk. */