On Wed, Mar 28, 2012 at 3:41 PM, Siddhesh Poyarekar
<siddhesh.poyarekar@gmail.com> wrote:
On Wed, Mar 28, 2012 at 3:29 PM, Andreas Jaeger <aj@suse.com> wrote:
nss_compat allocates buffer space on stack using alloca (and
extend_alloca) for initgroup and keeps extending it to fit in larger
lines. This breaks for cases where the number of members in a group
is very large, causing the alloca reference to go beyond thread
stack boundary. Attached patch falls back to malloc/free if the
buffer size needed is beyond __libc_alloca_cutoff.
Please state in your submission how and where this was tested.
The patch itself looks fine to me but I'd like to hear about testing,
I tested this using the reproducer steps described in the bug report
as well as with an ldap group with a large number of users. I've tried
this on x86_64 boxes with backports of the patch to RHEL-5 (patch
needed modifications), RHEL-6 and also on my F-16 box with glibc built
off HEAD.
Updated ChangeLog with the bz number:
ChangeLog:
2012-02-09 Siddhesh Poyarekar <siddhesh@redhat.com>
[BZ #13761]
* nis/nss_compat/compat-initgroups.c (getgrent_next_nss,
_nss_compat_initgroups_dyn): Fall back to malloc/free for
large group memberships.
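
The stack-then-heap fallback described in the patch summary above, as an added example that is not part of this thread and is not the glibc patch. ALLOCA_CUTOFF is an assumed stand-in for glibc's internal __libc_alloca_cutoff, and fetch_line and count_members are hypothetical names.

```c
/* Added example, not the glibc patch. ALLOCA_CUTOFF is an assumed stand-in
   for glibc's internal __libc_alloca_cutoff; fetch_line is hypothetical. */
#include <alloca.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#define ALLOCA_CUTOFF 4096

/* Stand-in for an NSS lookup: ERANGE when the caller's buffer is too small. */
static int fetch_line(const char *src, char *buf, size_t buflen)
{
    size_t need = strlen(src) + 1;
    if (need > buflen)
        return ERANGE;
    memcpy(buf, src, need);
    return 0;
}

/* Member count of "name:pw:gid:m1,m2,...", or -1 on error. */
long count_members(const char *line, bool *used_heap)
{
    size_t buflen = 256;
    char *buf = alloca(buflen);
    char *heap = NULL;              /* non-NULL once the stack is abandoned */

    while (fetch_line(line, buf, buflen) == ERANGE) {
        buflen *= 2;
        if (heap == NULL && buflen <= ALLOCA_CUTOFF) {
            buf = alloca(buflen);   /* small enough: stay on the stack */
        } else {                    /* too big for the stack: use the heap */
            char *bigger = realloc(heap, buflen);
            if (bigger == NULL) { free(heap); return -1; }
            buf = heap = bigger;
        }
    }
    const char *p = buf;
    for (int i = 0; i < 3 && p != NULL; i++) {   /* skip name, pw, gid */
        p = strchr(p, ':');
        if (p != NULL) p++;
    }
    long n = -1;
    if (p != NULL)
        for (n = (*p != '\0'); *p != '\0'; p++)
            n += (*p == ',');
    *used_heap = (heap != NULL);
    free(heap);
    return n;
}
```

Stack use stays bounded by the sum of the doublings up to the cutoff, however long the group line is; every later growth step goes through realloc and is released before returning.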