This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
On 08/27/2018 09:03 PM, Carlos O'Donell wrote:
Thanks for this, I found the code and fix difficult to audit, a more detailed
explanation of the failure would have helped, particularly when they require
auditing allocation ownership. Just to give you an example this is what I would
like to see for these kinds of fixes.
I didn't want to post my analysis to prejudice yours, and wanted to see
if you came up with the same sequence of events in your review. I'm not
sure if this is the right approach. How can we otherwise ensure that a
review has some level of independence?
How far should we backport this fix?