summaryrefslogtreecommitdiff
path: root/nscd/nscd_getgr_r.c
diff options
context:
space:
mode:
authorJakub Jelinek <jakub@redhat.com>2009-05-15 21:17:08 -0700
committerUlrich Drepper <drepper@redhat.com>2009-05-15 21:17:08 -0700
commitcfe1fc1013d0e7e4863c974fa0e78891cc0a2ed2 (patch)
tree77134fa880e4dd6db41a701034607e67a4dd9be1 /nscd/nscd_getgr_r.c
parent3b1b533bc3239ef6df1e40e0088e7270ac060be6 (diff)
downloadglibc-cfe1fc1013d0e7e4863c974fa0e78891cc0a2ed2.tar.gz
Robustify libc-side nscd database reader.
The nscd database mapped in processes can change at any time. We have to be more vigilant when it comes to using that memory. Test the data entries are valid in their entire size, don't read data again from memory once we verified it, and make sure the trailing pointer is not going off the deep end.
Diffstat (limited to 'nscd/nscd_getgr_r.c')
-rw-r--r--nscd/nscd_getgr_r.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c
index b84b06b3ce..c2d204c3c8 100644
--- a/nscd/nscd_getgr_r.c
+++ b/nscd/nscd_getgr_r.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007
+/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007, 2009
Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998.
@@ -107,7 +107,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
if (mapped != NO_MAPPING)
{
- struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
+ struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
+ sizeof gr_resp);
if (found != NULL)
{
len = (const uint32_t *) (&found->data[0].grdata + 1);