picnoir/glibc
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
glibc/nss
History
Siddhesh Poyarekar d7b00f9810 Fix invalid memory access when parsing netgroup files with blank lines (BZ #16506) 
The netgroups file parsing code tries to access the character before
the newline in parsed lines to see if it is a backslash (\).  This
results in an access before the block allocated for the line if the
line is blank, i.e. does not have anything other than the newline
character.  This doesn't seem like it will cause any crashes because
the byte belongs to the malloc metadata block and hence access to it
will always succeed.

There could be an invalid alteration in code flow where a blank line
is seen as a continuation due to the preceding byte *happening* to be
'\\'.  This could be done by interposing malloc, but that's not really
a security problem since one could interpose getnetgrent_r itself and
achieve a similar 'exploit'.

The possibility of actually exploiting this is remote to impossible
since it also requires the previous line to end with a '\\', which
would happen only on invalid configurations.
2014-01-27 16:49:33 +05:30
..
nss_db Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
nss_files Fix invalid memory access when parsing netgroup files with blank lines (BZ #16506) 2014-01-27 16:49:33 +05:30
alias-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
bug-erange.c Update. 2002-09-29 18:25:48 +00:00
databases.def Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
db-Makefile Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
Depend Update. 2000-01-02 04:20:21 +00:00
digits_dots.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
ethers-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
function.def Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
getent.c Update remaining copyright dates 2014-01-01 22:02:55 +10:00
getnssent.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
getnssent_r.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
getXXbyYY.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
getXXbyYY_r.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
getXXent.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
getXXent_r.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
grp-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
hosts-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
key-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
makedb.c Update remaining copyright dates 2014-01-01 22:02:55 +10:00
Makefile Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
netgrp-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
network-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
nss.h Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
nss_test1.c Add self-contained test for NSS. 2010-08-11 07:25:02 -07:00
nsswitch.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
nsswitch.conf More configurability for secondary group lookup 2011-05-10 00:36:29 -04:00
nsswitch.h Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
proto-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
pwd-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
rpc-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
service-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
sgrp-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
spwd-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
test-digits-dots.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
test-netdb.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
tst-nss-static.c 2012-04-06 Paul Pluzhnikov <ppluzhnikov@google.com> 2012-04-06 13:49:35 -07:00
tst-nss-test1.c Add self-contained test for NSS. 2010-08-11 07:25:02 -07:00
Versions Get canonical name in getaddrinfo from hosts file for AF_INET (fixes 16077) 2013-11-28 17:18:12 +05:30
XXX-lookup.c Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00