mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-27 03:33:33 +08:00
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
Using alloca matches what other caches do. The request length is
bounded by MAXKEYLEN.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 87801a8fd0
)
This commit is contained in:
parent
29e20bd122
commit
5968aebb86
@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||
= (struct indataset *) mempool_alloc (db,
|
||||
sizeof (*dataset) + req->key_len,
|
||||
1);
|
||||
struct indataset dataset_mem;
|
||||
bool cacheable = true;
|
||||
if (__glibc_unlikely (dataset == NULL))
|
||||
{
|
||||
cacheable = false;
|
||||
dataset = &dataset_mem;
|
||||
/* The alloca is safe because nscd_run_worker verfies that
|
||||
key_len is not larger than MAXKEYLEN. */
|
||||
dataset = alloca (sizeof (*dataset) + req->key_len);
|
||||
}
|
||||
|
||||
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
|
||||
|
Loading…
Reference in New Issue
Block a user