diff options
author | Jakub Jelinek <jakub@redhat.com> | 2009-05-15 21:17:08 -0700 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2009-05-15 21:17:08 -0700 |
commit | cfe1fc1013d0e7e4863c974fa0e78891cc0a2ed2 (patch) | |
tree | 77134fa880e4dd6db41a701034607e67a4dd9be1 /nscd/nscd_getgr_r.c | |
parent | 3b1b533bc3239ef6df1e40e0088e7270ac060be6 (diff) | |
download | glibc-cfe1fc1013d0e7e4863c974fa0e78891cc0a2ed2.tar.gz |
Robustify libc-side nscd database reader.
The nscd database mapped in processes can change at any time. We
have to be more vigilant when it comes to using that memory. Test
the data entries are valid in their entire size, don't read data
again from memory once we verified it, and make sure the trailing
pointer is not going off the deep end.
Diffstat (limited to 'nscd/nscd_getgr_r.c')
-rw-r--r-- | nscd/nscd_getgr_r.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c index b84b06b3ce..c2d204c3c8 100644 --- a/nscd/nscd_getgr_r.c +++ b/nscd/nscd_getgr_r.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007 +/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998. @@ -107,7 +107,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, if (mapped != NO_MAPPING) { - struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); + struct datahead *found = __nscd_cache_search (type, key, keylen, mapped, + sizeof gr_resp); if (found != NULL) { len = (const uint32_t *) (&found->data[0].grdata + 1); |