This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Fix nss_nisplus build with mainline GCC (bug 20978)
- From: Joseph Myers <joseph at codesourcery dot com>
- To: <libc-alpha at sourceware dot org>
- Date: Wed, 21 Dec 2016 14:57:13 +0000
- Subject: Re: Fix nss_nisplus build with mainline GCC (bug 20978)
- Authentication-results: sourceware.org; auth=none
- References: <alpine.DEB.2.20.1612201656050.10818@digraph.polyomino.org.uk>
On Tue, 20 Dec 2016, Joseph Myers wrote:
> x86_64. However, I have not tried any actual substantive nisplus
> testing, do not have an environment for such testing, and do not know
> whether it is possible that strlen (name) or tablename_len might be
> large so that the VLA for buf is actually a security issue. However,
> if it is a security issue, there are plenty of other similar instances
> in the nisplus code (that haven't been hidden by a bogus comparison
> with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
> string passed to nis_list, so a local fix in the caller wouldn't
> suffice anyway (and maybe if there are issues that means a separate
> bug or bugs should be filed to track them). (Calls to strdupa and
Bug 20987 now filed for this group of apparently unbounded NIS+ stack
allocations. I hope this build fix patch can be considered separately
from any fixes needed for those stack allocations.
--
Joseph S. Myers
joseph@codesourcery.com