CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34265)
Resolves: RHEL-34265
This commit is contained in:
Patsy Griffin
parent
001abaad14
commit
221f7bce5b
31
glibc-RHEL-34265.patch
Normal file
31
glibc-RHEL-34265.patch
Normal file
@ -0,0 +1,31 @@
|
||||
commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Thu Apr 25 15:00:45 2024 +0200
|
||||
|
||||
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
|
||||
|
||||
Using alloca matches what other caches do. The request length is
|
||||
bounded by MAXKEYLEN.
|
||||
|
||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||
|
||||
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
|
||||
index 0c6e46f15c..f227dc7fa2 100644
|
||||
--- a/nscd/netgroupcache.c
|
||||
+++ b/nscd/netgroupcache.c
|
||||
@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||
= (struct indataset *) mempool_alloc (db,
|
||||
sizeof (*dataset) + req->key_len,
|
||||
1);
|
||||
- struct indataset dataset_mem;
|
||||
bool cacheable = true;
|
||||
if (__glibc_unlikely (dataset == NULL))
|
||||
{
|
||||
cacheable = false;
|
||||
- dataset = &dataset_mem;
|
||||
+ /* The alloca is safe because nscd_run_worker verfies that
|
||||
+ key_len is not larger than MAXKEYLEN. */
|
||||
+ dataset = alloca (sizeof (*dataset) + req->key_len);
|
||||
}
|
||||
|
||||
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
|
||||
@ -155,7 +155,7 @@ end \
|
||||
Summary: The GNU libc libraries
|
||||
Name: glibc
|
||||
Version: %{glibcversion}
|
||||
Release: 110%{?dist}
|
||||
Release: 111%{?dist}
|
||||
|
||||
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
|
||||
# libraries.
|
||||
@ -827,6 +827,7 @@ Patch590: glibc-RHEL-22165-4.patch
|
||||
Patch591: glibc-RHEL-22165-5.patch
|
||||
Patch592: glibc-RHEL-31805.patch
|
||||
Patch593: glibc-RHEL-25063.patch
|
||||
Patch594: glibc-RHEL-34265.patch
|
||||
|
||||
##############################################################################
|
||||
# Continued list of core "glibc" package information:
|
||||
@ -2985,6 +2986,9 @@ update_gconv_modules_cache ()
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 10 2024 Patsy Griffin <patsy@redhat.com> - 2.34-111
|
||||
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34265)
|
||||
|
||||
* Mon Jun 10 2024 Arjun Shankar <arjun@redhat.com> - 2.34-110
|
||||
- Add new test for malloc mmap fall-back path upon sbrk failure (RHEL-25063)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user