Message ID | 20140312090859.GA887@spoyarek.pnq.redhat.com |
---|---|
State | Committed |
Headers | show |
On Wed, Mar 12, 2014 at 02:38:59PM +0530, Siddhesh Poyarekar wrote: > The buffer to query netgroup entries is allocated sufficient space for > the netgroup entries and the key to be appended at the end, but it > sends in an incorrect available length to the NSS netgroup query > functions, resulting in overflow of the buffer in some special cases. > The fix here is to factor in the key length when sending the available > buffer and buffer length to the query functions. > > Tested on x86_64. OK to commit? > Looks ok.
Siddhesh Poyarekar <siddhesh@redhat.com> writes: > [BZ #16695] > * nscd/netgroupcache.c (addgetnetgrentX): Factor in space for > key in the buffer. Ok. Andreas.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index 426d3c5..5ba1e1f 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -202,7 +202,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, { int e; status = getfct.f (&data, buffer + buffilled, - buflen - buffilled, &e); + buflen - buffilled - req->key_len, &e); if (status == NSS_STATUS_RETURN || status == NSS_STATUS_NOTFOUND) /* This was either the last one for this group or the