forked from rpms/glibc
CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34265)
Resolves: RHEL-34265
This commit is contained in:
parent
001abaad14
commit
221f7bce5b
31
glibc-RHEL-34265.patch
Normal file
31
glibc-RHEL-34265.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa
|
||||||
|
Author: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Thu Apr 25 15:00:45 2024 +0200
|
||||||
|
|
||||||
|
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
|
||||||
|
|
||||||
|
Using alloca matches what other caches do. The request length is
|
||||||
|
bounded by MAXKEYLEN.
|
||||||
|
|
||||||
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
|
||||||
|
index 0c6e46f15c..f227dc7fa2 100644
|
||||||
|
--- a/nscd/netgroupcache.c
|
||||||
|
+++ b/nscd/netgroupcache.c
|
||||||
|
@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
= (struct indataset *) mempool_alloc (db,
|
||||||
|
sizeof (*dataset) + req->key_len,
|
||||||
|
1);
|
||||||
|
- struct indataset dataset_mem;
|
||||||
|
bool cacheable = true;
|
||||||
|
if (__glibc_unlikely (dataset == NULL))
|
||||||
|
{
|
||||||
|
cacheable = false;
|
||||||
|
- dataset = &dataset_mem;
|
||||||
|
+ /* The alloca is safe because nscd_run_worker verfies that
|
||||||
|
+ key_len is not larger than MAXKEYLEN. */
|
||||||
|
+ dataset = alloca (sizeof (*dataset) + req->key_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
|
@ -155,7 +155,7 @@ end \
|
|||||||
Summary: The GNU libc libraries
|
Summary: The GNU libc libraries
|
||||||
Name: glibc
|
Name: glibc
|
||||||
Version: %{glibcversion}
|
Version: %{glibcversion}
|
||||||
Release: 110%{?dist}
|
Release: 111%{?dist}
|
||||||
|
|
||||||
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
|
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
|
||||||
# libraries.
|
# libraries.
|
||||||
@ -827,6 +827,7 @@ Patch590: glibc-RHEL-22165-4.patch
|
|||||||
Patch591: glibc-RHEL-22165-5.patch
|
Patch591: glibc-RHEL-22165-5.patch
|
||||||
Patch592: glibc-RHEL-31805.patch
|
Patch592: glibc-RHEL-31805.patch
|
||||||
Patch593: glibc-RHEL-25063.patch
|
Patch593: glibc-RHEL-25063.patch
|
||||||
|
Patch594: glibc-RHEL-34265.patch
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# Continued list of core "glibc" package information:
|
# Continued list of core "glibc" package information:
|
||||||
@ -2985,6 +2986,9 @@ update_gconv_modules_cache ()
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 10 2024 Patsy Griffin <patsy@redhat.com> - 2.34-111
|
||||||
|
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34265)
|
||||||
|
|
||||||
* Mon Jun 10 2024 Arjun Shankar <arjun@redhat.com> - 2.34-110
|
* Mon Jun 10 2024 Arjun Shankar <arjun@redhat.com> - 2.34-110
|
||||||
- Add new test for malloc mmap fall-back path upon sbrk failure (RHEL-25063)
|
- Add new test for malloc mmap fall-back path upon sbrk failure (RHEL-25063)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user