This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- From: Andreas Schwab <schwab at suse dot de>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 25 Mar 2015 09:44:59 +0100
- Subject: Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- Authentication-results: sourceware.org; auth=none
- References: <54EB120A dot 1010202 at redhat dot com> <5506F010 dot 1090608 at redhat dot com>
Florian Weimer <firstname.lastname@example.org> writes:
> On 02/23/2015 12:42 PM, Florian Weimer wrote:
>> Robin Hack discovered that Samba would enter an infinite loop when
>> processing quota-related requests. It turns out this is a bug in the
>> nss_files database. Performing a lookup in the middle of an iteration
>> (say, getwuid between getpwent) effectively resets the file pointer, so
>> that the iteration starts again from the beginning.
>> Tested on x86_64-redhat-linux-gnu. Okay to commit?
> Can we at least fix the most common instance of this bug?
It's the wrong way to fix the bug. The getpwuid function should use a
separate state local to this function, with _all_ backends.
Andreas Schwab, SUSE Labs, email@example.com
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."