This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] gshadow: Handle the parser's full buffer error code
- From: Florian Weimer <fweimer at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Fri, 8 Jul 2016 13:22:21 +0200
- References: <87oa6qyux5.fsf@gmail.com>
On 06/25/2016 02:27 AM, David Michael wrote:
> * gshadow/fgetsgent_r.c (__fgetsgent_r): Return ERANGE when the
> parse_line function returns its out-of-space error.
>
> The fgetsgent function isn't handling errors from parse_line. That
> means it can run out of buffer space when adding pointers to group
> members and exit early without setting all members of the static result
> struct. The static result's members will remain pointing at buffer
> locations from the previous line, which have been overwritten with
> incompatible data, causing segfaults after it is returned normally.
This needs a bug in Bugzilla.
Do you have a copyright assignment covering glibc on file with the FSF?
Thanks,
Florian
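
A minimal sketch of the failure mode described in the quoted message, added here as an example; it is not glibc's code or the submitted patch. The struct, the function names, the "name:m1,m2" line format and the 1/0/-1 return convention are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical simplified stand-ins, not glibc's types or code. */
struct entry { char *name; char **mem; };

/* Assumed convention: 1 = parsed, 0 = malformed, -1 = out of space.
   Parses "name:m1,m2,..." in place; vec holds nslots pointers. */
static int parse_line(char *line, struct entry *res, char **vec, size_t nslots)
{
    size_t n = 0;
    char *p = strchr(line, ':');
    if (p == NULL)
        return 0;
    *p++ = '\0';
    while (*p != '\0') {
        if (n + 1 >= nslots)   /* one slot is reserved for the NULL */
            return -1;         /* res is not updated: it still names the old entry */
        vec[n++] = p;
        p += strcspn(p, ",");
        if (*p == ',')
            *p++ = '\0';
    }
    if (nslots == 0) return -1;
    vec[n] = NULL;
    res->name = line;
    res->mem = vec;
    return 1;
}

/* Before: only 0 is treated as failure, so -1 is reported as success. */
static int get_unchecked(char *line, struct entry *res, char **vec,
                         size_t nslots, struct entry **out)
{
    if (parse_line(line, res, vec, nslots) == 0)
        return ENOENT;
    *out = res;                /* stale or half-updated after -1 */
    return 0;
}

/* After: out-of-space becomes ERANGE so the caller can retry with more room. */
static int get_checked(char *line, struct entry *res, char **vec,
                       size_t nslots, struct entry **out)
{
    int r = parse_line(line, res, vec, nslots);
    *out = (r == 1) ? res : NULL;
    return r == 1 ? 0 : (r == -1 ? ERANGE : ENOENT);
}
```

With a three-slot pointer array, a line carrying four members makes the unchecked caller return success with the previous line's name attached to the new line's partial member list, while the checked caller reports ERANGE and hands back no entry.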