Provide correct buffer length to netgroup queries in nscd (BZ #16695)
Commit Message
The buffer to query netgroup entries is allocated sufficient space for
the netgroup entries and the key to be appended at the end, but it
sends in an incorrect available length to the NSS netgroup query
functions, resulting in overflow of the buffer in some special cases.
The fix here is to factor in the key length when sending the available
buffer and buffer length to the query functions.
Tested on x86_64. OK to commit?
Siddhesh
[BZ #16695]
* nscd/netgroupcache.c (addgetnetgrentX): Factor in space for
key in the buffer.
---
nscd/netgroupcache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Wed, Mar 12, 2014 at 02:38:59PM +0530, Siddhesh Poyarekar wrote:
> The buffer to query netgroup entries is allocated sufficient space for
> the netgroup entries and the key to be appended at the end, but it
> sends in an incorrect available length to the NSS netgroup query
> functions, resulting in overflow of the buffer in some special cases.
> The fix here is to factor in the key length when sending the available
> buffer and buffer length to the query functions.
>
> Tested on x86_64. OK to commit?
>
Looks ok.
Siddhesh Poyarekar <siddhesh@redhat.com> writes:
> [BZ #16695]
> * nscd/netgroupcache.c (addgetnetgrentX): Factor in space for
> key in the buffer.
Ok.
Andreas.
@@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
{
int e;
status = getfct.f (&data, buffer + buffilled,
- buflen - buffilled, &e);
+ buflen - buffilled - req->key_len, &e);
if (status == NSS_STATUS_RETURN
|| status == NSS_STATUS_NOTFOUND)
/* This was either the last one for this group or the