AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-09 23:00:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix nscd readlink argument aliasing (bug 22446).

Browse Source 
Current GCC mainline detects that nscd calls readlink with the same
buffer for both input and output, which is not valid (those arguments
are both restrict-qualified in POSIX).  This patch makes it use a
separate buffer for readlink's input (with a size that is sufficient
to avoid truncation, so there should be no problems with warnings
about possible truncation, though not strictly minimal, but much
smaller than the buffer for output) to avoid this problem.

Tested compilation for aarch64-linux-gnu with build-many-glibcs.py.

	[BZ #22446]
	* nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate
	buffers for readlink input and output.

(cherry picked from commit 49b036bce9)
This commit is contained in:
Joseph Myers 2018-10-22 14:08:12 +02:00 committed by Florian Weimer
parent 3fb525c103
commit 935cecfe9a
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2017-12-18 Joseph Myers <joseph@codesourcery.com>
[BZ #22446]
* nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate
buffers for readlink input and output.
2017-12-15 Steve Ellcey <sellcey@cavium.com>
* nscd/dbg_log.c (dbg_log): Increase msg buffer size.

1
NEWS
View File

@ -127,6 +127,7 @@ The following bugs are resolved with this release:
[22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426)
[22377] Provide a C++ version of iseqsig
[22442] if_nametoindex: Check length of ifname before copying it
[22446] Fix nscd readlink argument aliasing
[22447] Avoid use of strlen in getlogin_r
[22463] Fix p_secstodate overflow handling
[22627] $ORIGIN in $LD_LIBRARY_PATH is substituted twice

5
nscd/connections.c
View File

@ -1077,14 +1077,15 @@ cannot handle old request version %d; current version is %d"),
if (debug_level > 0)
{
#ifdef SO_PEERCRED
char pbuf[sizeof ("/proc//exe") + 3 * sizeof (long int)];
# ifdef PATH_MAX
char buf[PATH_MAX];
# else
char buf[4096];
# endif
snprintf (buf, sizeof (buf), "/proc/%ld/exe", (long int) pid);
ssize_t n = readlink (buf, buf, sizeof (buf) - 1);
snprintf (pbuf, sizeof (pbuf), "/proc/%ld/exe", (long int) pid);
ssize_t n = readlink (pbuf, buf, sizeof (buf) - 1);
if (n <= 0)
dbg_log (_("\