diff options
author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2014-01-27 11:32:44 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@redhat.com> | 2014-01-27 11:32:44 +0530 |
commit | af37a8a3496327a6e5617a2c76f17aa1e8db835e (patch) | |
tree | 20fcea9ef0d2c17620c801b4c990259565cce399 /nscd/netgroupcache.c | |
parent | Update French translations (diff) | |
download | glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.gz glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.tar.bz2 glibc-af37a8a3496327a6e5617a2c76f17aa1e8db835e.zip |
Avoid undefined behaviour in netgroupcache
Using a buffer after it has been reallocated is undefined behaviour,
so get offsets of the triplets in the old buffer before reallocating
it.
Diffstat (limited to 'nscd/netgroupcache.c')
-rw-r--r-- | nscd/netgroupcache.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index 924567c3f3..be01fe8670 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, if (buflen - req->key_len - bufused < needed) { buflen += MAX (buflen, 2 * needed); + /* Save offset in the old buffer. We don't + bother with the NULL check here since + we'll do that later anyway. */ + size_t nhostdiff = nhost - buffer; + size_t nuserdiff = nuser - buffer; + size_t ndomaindiff = ndomain - buffer; + char *newbuf = xrealloc (buffer, buflen); - /* Adjust the pointers in the new + /* Fix up the triplet pointers into the new buffer. */ - nhost = (nhost ? newbuf + (nhost - buffer) + nhost = (nhost ? newbuf + nhostdiff : NULL); - nuser = (nuser ? newbuf + (nuser - buffer) + nuser = (nuser ? newbuf + nuserdiff : NULL); - ndomain = (ndomain - ? newbuf + (ndomain - buffer) + ndomain = (ndomain ? newbuf + ndomaindiff : NULL); buffer = newbuf; } |