Summary: | [PATCH] Fix allocation in nss_compat for large number of memberships to a group | ||
---|---|---|---|
Product: | glibc | Reporter: | Siddhesh Poyarekar <siddhesh> |
Component: | nis | Assignee: | Carlos O'Donell <carlos> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | carlos, fweimer, law |
Priority: | P2 | Flags: | fweimer:
security+
|
Version: | unspecified | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2012-04-12 00:00:00 | |
Attachments: | Patch for another unbound allocate in nscd group handling |
Description
Siddhesh Poyarekar
2012-02-27 06:09:47 UTC
Updated patch here: http://sourceware.org/ml/libc-alpha/2012-02/msg00664.html I'm reviewing this issue. Fixed upstream with 984a42374ce2055836f580c2240306171757ea72. Created attachment 6339 [details]
Patch for another unbound allocate in nscd group handling
Additional QE testing showed another unbounded alloca in the nscd group handling; specifically the allocation of DATASET within cache_addgr. Using the testing procedures in this BZ nscd would coredump after blowing out the stack.
Attached is a follow up-patch we're using to address the additional unbound alloca.
nscd is still segfaulting due to unbound alloca uses using the testing procedures originally reported in this bug. 2012-11-28 Jeff Law <law@redhat.com> [BZ #13761] * nscd/grpcache.c (cache_addgr): Rename alloca_used to dataset_temporary. Track alloca usage into alloca_used. If dataset is large allocate and release it via malloc/free. |