File glibc-CVE-2024-33600-nscd-Do-not-send-missing-n... of Package glibc.i686

Overview Repositories Revisions Requests Users Attributes Meta

File glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch of Package glibc.i686

From 3e2e7283b5bd0c990da4b250011d3d80ca40c7c1 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 25 Apr 2024 15:01:07 +0200
Subject: [PATCH] CVE-2024-33600: nscd: Do not send missing not-found response
 in addgetnetgrentX (bug 31678)

If we failed to add a not-found response to the cache, the dataset
point can be null, resulting in a null pointer dereference.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)
---
 nscd/netgroupcache.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 81180b1eca..40cd993133 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -148,7 +148,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
       /* No such service.  */
       cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
 			       &key_copy);
-      goto writeout;
+      goto maybe_cache_add;
     }
 
   memset (&data, '\0', sizeof (data));
@@ -349,7 +349,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
     {
       cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
 			       &key_copy);
-      goto writeout;
+      goto maybe_cache_add;
     }
 
   total = buffilled;
@@ -411,14 +411,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
   }
 
   if (he == NULL && fd != -1)
-    {
-      /* We write the dataset before inserting it to the database
-	 since while inserting this thread might block and so would
-	 unnecessarily let the receiver wait.  */
-    writeout:
-      writeall (fd, &dataset->resp, dataset->head.recsize);
-    }
+    /* We write the dataset before inserting it to the database
+       since while inserting this thread might block and so would
+       unnecessarily let the receiver wait.  */
+    writeall (fd, &dataset->resp, dataset->head.recsize);
 
+ maybe_cache_add:
   if (cacheable)
     {
       /* If necessary, we also propagate the data to disk.  */
-- 
2.45.0

Places

File glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch of Package glibc.i686

Places