diff options
Diffstat (limited to '0021-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch')
| -rw-r--r-- | 0021-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/0021-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch b/0021-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch new file mode 100644 index 0000000..29b9214 --- /dev/null +++ b/0021-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch @@ -0,0 +1,59 @@ +From 541ea5172aa658c4bd5c6c6d6fd13903c3d5bb0a Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Thu, 25 Apr 2024 15:01:07 +0200 +Subject: [PATCH 21/26] CVE-2024-33600: nscd: Do not send missing not-found + response in addgetnetgrentX (bug 31678) + +If we failed to add a not-found response to the cache, the dataset +point can be null, resulting in a null pointer dereference. + +Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> +(cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa) +--- + nscd/netgroupcache.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index 31b721bbee..32c6aef370 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -147,7 +147,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + /* No such service. */ + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + memset (&data, '\0', sizeof (data)); +@@ -348,7 +348,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + { + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + total = buffilled; +@@ -410,14 +410,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + if (he == NULL && fd != -1) +- { +- /* We write the dataset before inserting it to the database +- since while inserting this thread might block and so would +- unnecessarily let the receiver wait. */ +- writeout: ++ /* We write the dataset before inserting it to the database since ++ while inserting this thread might block and so would ++ unnecessarily let the receiver wait. */ + writeall (fd, &dataset->resp, dataset->head.recsize); +- } + ++ maybe_cache_add: + if (cacheable) + { + /* If necessary, we also propagate the data to disk. */ +-- +2.33.0 + |