Don't add input group during initgroups_dyn in hesiod (#921760)

Siddhesh Poyarekar 2013-03-28 14:11:28 +05:30
parent bbd581848b
commit 209568f516
2 changed files with 62 additions and 1 deletions

glibc-rh921760.patch Normal file

@ -0,0 +1,55 @@
commit 7a86be6e5f18ba99b25d75c555ce56fe1fcea325
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu Mar 28 11:45:47 2013 +0530
Don't add input group during initgroups_dyn in hesiod
Fixes BZ #15304.
The *initgroups_dyn functions are called with a group argument. This
group gid is usually skipped while populating the grouplist since the
caller adds that group id in advance.
The hesiod initgroups_dyn implementation however adds the group gid to
the list if it does not already exist. While it works fine for the
usual initgroups, it breaks nscd since it calls initgroups_dyn with -1
as the gid (to have all groups included).
diff --git a/hesiod/nss_hesiod/hesiod-grp.c b/hesiod/nss_hesiod/hesiod-grp.c
index c2ae166..b11952f 100644
--- a/hesiod/nss_hesiod/hesiod-grp.c
+++ b/hesiod/nss_hesiod/hesiod-grp.c
@@ -191,33 +191,6 @@ _nss_hesiod_initgroups_dyn (const char *user, gid_t group, long int *start,
return errno == ENOENT ? NSS_STATUS_NOTFOUND : NSS_STATUS_UNAVAIL;
}
- if (!internal_gid_in_list (groups, group, *start))
- {
- if (__builtin_expect (*start == *size, 0))
- {
- /* Need a bigger buffer. */
- gid_t *newgroups;
- long int newsize;
-
- if (limit > 0 && *size == limit)
- /* We reached the maximum. */
- goto done;
-
- if (limit <= 0)
- newsize = 2 * *size;
- else
- newsize = MIN (limit, 2 * *size);
-
- newgroups = realloc (groups, newsize * sizeof (*groups));
- if (newgroups == NULL)
- goto done;
- *groupsp = groups = newgroups;
- *size = newsize;
- }
-
- groups[(*start)++] = group;
- }
-
save_errno = errno;
p = *list;
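Review bot: in the `_nss_hesiod_initgroups_dyn` hunk, nothing is left at the removal site to record that `group` is now deliberately not appended to the list, so a later reader could reinstate the block. A short comment above `save_errno = errno;` saying that the caller adds the group in advance, and that nscd passes -1 to have all groups included, would carry the reasoning from the commit message into the source. The removed block was also the only code in the visible lines that used `limit` and `goto done`, so please confirm that the loop that follows still grows `groups` when `*start == *size`, and that the `done` label is still referenced, otherwise the build will warn about an unused label.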


@ -27,7 +27,7 @@
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
Release: 4%{?dist}
Release: 5%{?dist}
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@ -115,6 +115,8 @@ Patch0035: %{name}-rh911307.patch
# Upstream BZ 15078
Patch2029: %{name}-rh905877.patch
Patch1030: %{name}-rh921760.patch
#
# Patches submitted, but not yet approved upstream.
# Each should be associated with a BZ.
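Review bot: `Patch1030: %{name}-rh921760.patch` has no comment of its own and sits directly under `# Upstream BZ 15078`, which reads as if it belonged to that bug, while the patch's commit message says it fixes BZ #15304. Add a comment line naming that bug above the new entry, in the same way the rh905877 entry is annotated.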
@ -405,6 +407,7 @@ package or when debugging this package.
%patch2028 -p1
%patch0035 -p1
%patch2029 -p1
%patch1030 -p1
# On powerpc32, hp timing is only available in power4/power6
# libs, not in base, so pre-power4 dynamic linker is incompatible
@ -1204,6 +1207,9 @@ rm -f *.filelist*
%endif
%changelog
* Thu Mar 28 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-5
- Don't add input group during initgroups_dyn in hesiod (#921760).
* Sun Mar 17 2013 Carlos O'Donell <carlos@redhat.com> - 2.17-4
- Fixed i386 glibc builds (#917161).
- Fixed multibyte character processing crash in regexp (#905877, CVE-2013-0242)