aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-01-27 11:32:44 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-01-27 11:32:44 +0530
commitaf37a8a3496327a6e5617a2c76f17aa1e8db835e (patch)
tree20fcea9ef0d2c17620c801b4c990259565cce399 /nscd/netgroupcache.c
parentUpdate French translations (diff)
downloadglibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.gz
glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.bz2
glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.zip
Avoid undefined behaviour in netgroupcache
Using a buffer after it has been reallocated is undefined behaviour, so get offsets of the triplets in the old buffer before reallocating it.
Diffstat (limited to 'nscd/netgroupcache.c')
-rw-r--r--nscd/netgroupcache.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 924567c3f3..be01fe8670 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
if (buflen - req->key_len - bufused < needed)
{
buflen += MAX (buflen, 2 * needed);
+ /* Save offset in the old buffer. We don't
+ bother with the NULL check here since
+ we'll do that later anyway. */
+ size_t nhostdiff = nhost - buffer;
+ size_t nuserdiff = nuser - buffer;
+ size_t ndomaindiff = ndomain - buffer;
+
char *newbuf = xrealloc (buffer, buflen);
- /* Adjust the pointers in the new
+ /* Fix up the triplet pointers into the new
buffer. */
- nhost = (nhost ? newbuf + (nhost - buffer)
+ nhost = (nhost ? newbuf + nhostdiff
: NULL);
- nuser = (nuser ? newbuf + (nuser - buffer)
+ nuser = (nuser ? newbuf + nuserdiff
: NULL);
- ndomain = (ndomain
- ? newbuf + (ndomain - buffer)
+ ndomain = (ndomain ? newbuf + ndomaindiff
: NULL);
buffer = newbuf;
}