summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDJ Delorie <dj@delorie.com>2017-10-07 13:32:00 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-10-07 13:32:01 +0200
commitb70f43dcef0ca638d2d550ead8007f7c9bb7e4bb (patch)
treecc4dcc66bb94475d6e5759bee8f8c1f71a958dfc
parentcaa97d7a46db35a5ddb7bc53e56a866bc180c3b0 (diff)
downloadglibc-b70f43dcef0ca638d2d550ead8007f7c9bb7e4bb.tar.gz
Fix cast-after-dereference
Original code was dereferencing a char*, then casting the value to size_t. Should cast the pointer to size_t* then deference. (cherry picked from commit f8cef4d07d9641e27629bd3ce2d13f5d702fb251)
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--NEWS1
-rw-r--r--grp/grp-merge.c2
3 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index fe5103f03e..80cb667dd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-19 DJ Delorie <dj@delorie.com>
+
+ [BZ #21654]
+ * grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
+
2017-07-14 DJ Delorie <dj@redhat.com>
[BZ #21654]
diff --git a/NEWS b/NEWS
index f60077bee5..f03910105a 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,7 @@ The following bugs are resolved with this release:
[21386] Assertion in fork for distinct parent PID is incorrect
[21609] x86-64: Align the stack in __tls_get_addr
[21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ [21654] nss: Fix invalid cast in group merging
Version 2.24
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 50573b8986..5f79755798 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -137,7 +137,7 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
/* Get the count of group members from the last sizeof (size_t) bytes in the
mergegrp buffer. */
- savedmemcount = (size_t) *(savedend - sizeof (size_t));
+ savedmemcount = *(size_t *) (savedend - sizeof (size_t));
/* Get the count of new members to add. */
for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)
View Lorry Controller Status