mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-26 15:00:06 +00:00
a6033052d0
Reproducer (needs to run as root):

    perl -e \
      'print "large:x:999:" . join(",", map {"user$_"} (1 .. 135))."\n"' \
      >> /etc/group
    cd /var/db
    make
    getent -s db group

After the fix, the last command should list the "large" group.
The magic number 135 has been chosen so that the line is shorter than
1024 bytes, but the pointers required to encode the member array will
cross the threshold, triggering the bug.

db-init.c
db-initgroups.c
db-netgrp.c
db-open.c
db-XXX.c
nss_db.h