This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]


* Andreas Schwab:

> Florian Weimer <fw@deneb.enyo.de> writes:
>
>> Sorry, I don't see how this can be retrofitted on top of the existing
>> NSS API.  It assumes that the NSS module keeps the iteration state in
>> a per-module global variable.
>
> That's the bug.

Maybe.  But we cannot remove the old API (there are external NSS
modules, after all).  Therefore, such a change would only increase
complexity.

If we had tests, I think a better first step would be to reduce code
duplication between the NSS modules glibc ships, and clean up the
#include file mess.  But without tests, such changes offer a poor
risk/benefit trade-off.

>> The fix I proposed builds on Ulrich's original patch which attempted
>> to separate the state for lookup and iteration, but failed to do so
>> because of that incorrectly initialized variable.
>
> There is no "incorrectly initialized variable".

Ahem, I think the commit message of my patch explains this quite
clearly.  The code Ulrich added to deal with this corner case didn't
work as intended because a flag was not set correctly.
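
An added illustration, not part of the original message and not glibc code: a toy C model of the design point argued above, where a module's iteration cursor lives in a per-module global that lookups also touch, next to a variant that keeps lookup state separate. All function names and the sample data are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for a flat-file database. */
static const char *const db[] = { "alpha", "bravo", "charlie", "delta" };
#define DB_LEN (sizeof db / sizeof db[0])

/* Variant 1: one per-module global cursor used by both iteration and lookup. */
static size_t shared_pos;
static void shared_setent(void) { shared_pos = 0; }
static const char *shared_getent(void) { return shared_pos < DB_LEN ? db[shared_pos++] : NULL; }
static int shared_lookup(const char *key) {
    shared_pos = 0;                     /* rewinds the caller's iteration too */
    while (shared_pos < DB_LEN)
        if (strcmp(db[shared_pos++], key) == 0) return 1;
    return 0;
}

/* Variant 2: iteration keeps its own cursor; lookup scans with a local one. */
static size_t iter_pos;
static void split_setent(void) { iter_pos = 0; }
static const char *split_getent(void) { return iter_pos < DB_LEN ? db[iter_pos++] : NULL; }
static int split_lookup(const char *key) {
    for (size_t i = 0; i < DB_LEN; i++)
        if (strcmp(db[i], key) == 0) return 1;
    return 0;
}

/* Enumerate, doing one lookup per entry. Returns the number of entries seen,
   or -1 if more than `limit` entries come back without reaching the end. */
static int enumerate_with_lookups(void (*setent)(void), const char *(*getent)(void),
                                  int (*lookup)(const char *), int limit) {
    int n = 0;
    setent();
    while (getent() != NULL) {
        if (++n > limit)
            return -1;                  /* enumeration is not making progress */
        lookup(db[0]);
    }
    return n;
}

int main(void) {
    printf("shared cursor: %d\n",
           enumerate_with_lookups(shared_setent, shared_getent, shared_lookup, 100));
    printf("split state:   %d\n",
           enumerate_with_lookups(split_setent, split_getent, split_lookup, 100));
    return 0;
}
```

With the shared cursor the enumeration never reaches the end of the four-entry table and hits the step limit; with separate state it finishes after four entries.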

