This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

On 08/28/2018 07:40 AM, Florian Weimer wrote:
> On 08/27/2018 09:03 PM, Carlos O'Donell wrote:
>> Thanks for this, I found the code and fix difficult to audit, a
>> more detailed explanation of the failure would have helped,
>> particularly when they require auditing allocation ownership. Just
>> to give you an example this is what I would like to see for these
>> kinds of fixes.
> I didn't want to post my analysis to prejudice yours, and wanted to
> see if you came up with the same sequence of events in your review.
> I'm not sure if this is the right approach.  How can we otherwise
> ensure that a review has some level of independence?

This is a very valid point. Perhaps it is sufficient to state this
clearly so the reviewer knows you have your own analysis and can
perhaps discuss aspects of it with you, but that you haven't posted
it to avoid tainting any subsequent analysis.

> How far should we backport this fix?

Not far. AFAICT only a low-memory failure will trigger the
use-after-free and correctness under low-memory constraints
is difficult to prove.

I'd fix it in master only, or master and release/2.28/master
if you are feeling generous :-)


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]