rpms/glibc
7
0
Fork 1
Code Issues Pull Requests Releases Activity

CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34265)

Browse Source 
Resolves: RHEL-34265
This commit is contained in:
Patsy Griffin 2024-06-10 13:51:02 -04:00
parent 001abaad14
commit 221f7bce5b
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
glibc-RHEL-34265.patch Normal file
View File

@ -0,0 +1,31 @@
commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Apr 25 15:00:45 2024 +0200
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
Using alloca matches what other caches do. The request length is
bounded by MAXKEYLEN.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 0c6e46f15c..f227dc7fa2 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
= (struct indataset *) mempool_alloc (db,
sizeof (*dataset) + req->key_len,
1);
- struct indataset dataset_mem;
bool cacheable = true;
if (__glibc_unlikely (dataset == NULL))
{
cacheable = false;
- dataset = &dataset_mem;
+ /* The alloca is safe because nscd_run_worker verfies that
+ key_len is not larger than MAXKEYLEN. */
+ dataset = alloca (sizeof (*dataset) + req->key_len);
}
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,

6
glibc.spec
View File

@ -155,7 +155,7 @@ end \
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: glibc Name: glibc
Version: %{glibcversion} Version: %{glibcversion}
Release: 110%{?dist} Release: 111%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for # In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries. # libraries.
@ -827,6 +827,7 @@ Patch590: glibc-RHEL-22165-4.patch
Patch591: glibc-RHEL-22165-5.patch Patch591: glibc-RHEL-22165-5.patch
Patch592: glibc-RHEL-31805.patch Patch592: glibc-RHEL-31805.patch
Patch593: glibc-RHEL-25063.patch Patch593: glibc-RHEL-25063.patch
Patch594: glibc-RHEL-34265.patch
############################################################################## ##############################################################################
# Continued list of core "glibc" package information: # Continued list of core "glibc" package information:
@ -2985,6 +2986,9 @@ update_gconv_modules_cache ()
%endif %endif
%changelog %changelog
* Mon Jun 10 2024 Patsy Griffin <patsy@redhat.com> - 2.34-111
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34265)
* Mon Jun 10 2024 Arjun Shankar <arjun@redhat.com> - 2.34-110 * Mon Jun 10 2024 Arjun Shankar <arjun@redhat.com> - 2.34-110
- Add new test for malloc mmap fall-back path upon sbrk failure (RHEL-25063) - Add new test for malloc mmap fall-back path upon sbrk failure (RHEL-25063)