1650563 – nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

Bug 1650563 - nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

Summary: nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Florian Weimer
QA Contact:	Alexandra Petlanová Hájková
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-11-16 13:55 UTC by Carlos O'Donell
Modified:	2023-07-18 14:30 UTC (History)
CC List:	9 users (show)
Fixed In Version:	glibc-2.28-30.el8
Doc Type:	No Doc Update
Doc Text:	undefined
Clone Of:
Environment:
Last Closed:	2019-06-14 01:29:14 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Sourceware	23520	0	None	None	None	2019-02-05 13:04:19 UTC

Description Carlos O'Donell 2018-11-16 13:55:59 UTC

addinnetgrX may use the heap-allocated buffer, so free the buffer
in this function.

(cherry picked from commit 745664bd798ec8fd50438605948eea594179fba1)

We need to backport this commit:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7d174f53539bfbfa9cdfa41ead605573d3f219eb

Comment 3 Alexandra Petlanová Hájková 2019-01-29 17:33:53 UTC

I checked https://cov01.lab.eng.brq.redhat.com/covscanhub/task/105046/log/glibc-2.28-28.el8/scan-results.err?format=raw contains glibc-2.28/nscd/netgroupcache.c:444: use_after_free: Using freed pointer "dataset", and https://cov01.lab.eng.brq.redhat.com/covscanhub/task/105305/log/glibc-2.28-34.el8/scan-results.err?format=raw doesn't contain such a warning anymore.

Note You need to log in before you can comment on or make changes to this bug.