Bug 163538
Summary: | NSCD buffer overflow for large gids | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Ivan Gyurdiev <ivg231>
Component: | glibc | Assignee: | Jakub Jelinek <jakub>
Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock>
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | rawhide | CC: | drepper, nutello, roland
Target Milestone: | --- | |
Target Release: | --- | |
Hardware: | i386 | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2005-07-22 10:52:25 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | | |
Bug Blocks: | 164815 | |
Description
Ivan Gyurdiev
2005-07-18 18:18:32 UTC
This really isn't an overflow, as snprintf is used. With nscd built without -DNDEBUG, there would be an assertion failure, but Red Hat/Fedora glibcs are built with -DNDEBUG, so all that will happen is that uninitialized bytes will be added as cache entry keys. Should be fixed in glibc-2.3.90-3 and above.

I am seeing this in the latest FC4 testing glibc/nscd (glibc-2.3.5-10.2):

30677: Reloading "14339447" in password cache!
*** Segmentation fault
Register dump:
EAX: 00000001 EBX: 00e7aca0 ECX: 0000008c EDX: 00000005
ESI: b726b3b8 EDI: 6e54a504 EBP: b7067db4 ESP: b7067bac
EIP: 00e72836 EFLAGS: 00010a13
CS: 0073 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
Trap: 0000000e Error: 00000004 OldMask: 00000000 ESP/signal: b7067bac
CR2: 6e54a518
Backtrace:
/lib/libSegFault.so[0x483115]
[0x1ad420]
nscd[0xe6d6a0]
/lib/libpthread.so.0[0xdb7b80]
/lib/libc.so.6(__clone+0x5e)[0x6d99ae]

Is it the same bug or a variant thereof? The patch/report mention GIDs, but in my case it's a large UID. Should I file this as a separate bug for FC4, not Raw Hide? I am not sure what the procedure is in such a case. Any chance that the glibc in testing can be fixed before release, if this patch fixes the problem I am seeing?

Re #6: That has certainly nothing to do with that:
a) the above bug is fixed in 2.3.5-10.2
b) the bug used to be only in group handling code, not uid.
Please file a new bug report instead, install glibc-debuginfo and get a real backtrace, the above is not helpful.
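The first comment describes the mechanism behind the original report: snprintf returns the length the whole string would have needed rather than the number of bytes it wrote, an assertion guarded that value in debug builds, and with -DNDEBUG the truncated buffer plus the over-long length became the cache key. The C below is an added illustration of that pattern and of the check that prevents it; it is not nscd's or glibc's code, and the buffer size KEY_BUF and the function names are assumptions. The uid 14339447 from the crash output above is used as sample input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed key buffer size, deliberately too small for an 8-digit id.
   The real nscd buffer size is not given on the page. */
#define KEY_BUF 8

/* Bug pattern: snprintf returns the length the full string would have
   needed, not the number of bytes it wrote. A debug build asserted on
   this value; with -DNDEBUG the assertion is compiled out, so the
   caller receives a length that may exceed bufsz - 1. */
size_t build_key_unchecked(char *buf, size_t bufsz, uint32_t id)
{
    int n = snprintf(buf, bufsz, "%u", (unsigned)id);
    return n < 0 ? 0 : (size_t)n;
}

/* Hardened variant: refuse to produce a key if the id did not fit,
   so no caller can use a length larger than what was written. */
bool build_key_checked(char *buf, size_t bufsz, uint32_t id, size_t *len)
{
    int n = snprintf(buf, bufsz, "%u", (unsigned)id);
    if (n < 0 || (size_t)n >= bufsz) {
        if (bufsz)
            buf[0] = '\0';
        return false;          /* truncated: key must not be cached */
    }
    *len = (size_t)n;
    return true;
}

/* True when the unchecked length exceeds what snprintf actually wrote,
   i.e. a key of that length would include bytes the buffer never
   received (stale or uninitialized memory). */
bool unchecked_key_overruns(uint32_t id, size_t bufsz)
{
    char buf[32];                       /* any 32-bit id fits in 11 bytes */
    if (bufsz > sizeof buf)
        bufsz = sizeof buf;
    size_t n = build_key_unchecked(buf, bufsz, id);
    size_t written = strlen(buf);       /* at most bufsz - 1 */
    return n > written;
}

int main(void)
{
    char key[KEY_BUF];
    size_t len = 0;
    /* 500 is a constructed small uid; 14339447 is the uid from the report */
    uint32_t ids[] = { 500u, 14339447u };

    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        size_t n = build_key_unchecked(key, sizeof key, ids[i]);
        printf("id %u: unchecked length %zu, bytes written %zu, overrun=%d\n",
               (unsigned)ids[i], n, strlen(key),
               unchecked_key_overruns(ids[i], sizeof key));
        if (build_key_checked(key, sizeof key, ids[i], &len))
            printf("  checked: key \"%s\" (len %zu)\n", key, len);
        else
            printf("  checked: id does not fit in %d bytes, not cached\n", KEY_BUF);
    }
    return 0;
}
```

With KEY_BUF at 8, the unchecked path reports length 8 for 14339447 although only "1433944" and the terminator were written, which is exactly the mismatch the comment describes; the checked variant rejects the id instead of handing back a key that covers one byte more than the buffer holds.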