Bug 1650563

Summary: nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
Product: Red Hat Enterprise Linux 8 Reporter: Carlos O'Donell <codonell>
Component: glibcAssignee: Florian Weimer <fweimer>
Status: CLOSED CURRENTRELEASE QA Contact: Alexandra Petlanová Hájková <ahajkova>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: ahajkova, ashankar, codonell, dj, fweimer, mcermak, mnewsome, pfrankli, skolosov
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glibc-2.28-30.el8 Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-14 01:29:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Carlos O'Donell 2018-11-16 13:55:59 UTC 
addinnetgrX may use the heap-allocated buffer, so free the buffer
in this function.

(cherry picked from commit 745664bd798ec8fd50438605948eea594179fba1)

We need to backport this commit:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7d174f53539bfbfa9cdfa41ead605573d3f219eb
Comment 3 Alexandra Petlanová Hájková 2019-01-29 17:33:53 UTC 
I checked https://cov01.lab.eng.brq.redhat.com/covscanhub/task/105046/log/glibc-2.28-28.el8/scan-results.err?format=raw contains glibc-2.28/nscd/netgroupcache.c:444: use_after_free: Using freed pointer "dataset", and https://cov01.lab.eng.brq.redhat.com/covscanhub/task/105305/log/glibc-2.28-34.el8/scan-results.err?format=raw doesn't contain such a warning anymore.