diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-08-03 06:28:41 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-08-03 06:28:41 +0000 |
| commit | d20db0561a6a36f914fde030512503b114ef9a0c (patch) | |
| tree | d4e5e3494d95c269a1cee6195f11bf3201bcadbf /backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch | |
| parent | 016343d99b1b269d7246ef1e143d4b54914433d4 (diff) | |
automatic import of glibcopeneuler22.03_LTS_SP4openeuler22.03_LTS_SP3openeuler20.03
Diffstat (limited to 'backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch')
| -rw-r--r-- | backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch b/backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch new file mode 100644 index 0000000..0937c54 --- /dev/null +++ b/backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch @@ -0,0 +1,62 @@ +From 7835b00dbce53c3c87bbbb1754a95fb5e58187aa Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Thu, 25 Apr 2024 15:01:07 +0200 +Subject: [PATCH] CVE-2024-33600: nscd: Do not send missing not-found response + in addgetnetgrentX (bug 31678) + +If we failed to add a not-found response to the cache, the dataset +point can be null, resulting in a null pointer dereference. + +Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> + +Conflict:NA +Reference:https://sourceware.org/git/?p=glibc.git;a=patch;h=7835b00dbce53c3c87bbbb1754a95fb5e58187aa + +--- + nscd/netgroupcache.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index f13a11b4..08668e96 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -148,7 +148,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + /* No such service. */ + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + memset (&data, '\0', sizeof (data)); +@@ -349,7 +349,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + { + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + total = buffilled; +@@ -411,14 +411,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + if (he == NULL && fd != -1) +- { +- /* We write the dataset before inserting it to the database +- since while inserting this thread might block and so would +- unnecessarily let the receiver wait. */ +- writeout: ++ /* We write the dataset before inserting it to the database since ++ while inserting this thread might block and so would ++ unnecessarily let the receiver wait. */ + writeall (fd, &dataset->resp, dataset->head.recsize); +- } + ++ maybe_cache_add: + if (cacheable) + { + /* If necessary, we also propagate the data to disk. */ +-- +2.33.0 + |