BZ#17460: Fix buffer overrun in nscd --help.

diff --git a/ChangeLog b/ChangeLog
index c4c466a54438995ec242f7d97de4435a5a8fc250..3159fbeae8c9b17ab6c685ea07fb2ff8c27fd44d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-10-08  Roland McGrath  <roland@hack.frob.com>
+
+       [BZ #17460]
+       * nscd/nscd.c (more_help): Rewrite list of tables collection
+       using xstrdup and asprintf.
+
+       * nscd/nscd_conf.c: Remove local xstrdup declaration.
+
 2014-10-08  Kostya Serebryany  <konstantin.s.serebryany@gmail.com>
            Roland McGrath  <roland@hack.frob.com>
 

diff --git a/NEWS b/NEWS
index ef982687a71081b7e333891790ba7b34906947aa..accc1441d6b289fd7f3c88c76a18c0d6a48335eb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.21
 
 * The following bugs are resolved with this release:
 
-  6652, 14171, 17266, 17363, 17370, 17371, 17411.
+  6652, 14171, 17266, 17363, 17370, 17371, 17411, 17460.
 \f
 Version 2.20
 

diff --git a/nscd/nscd.c b/nscd/nscd.c
index 7131ead8cbd65c7f3aaf5f75f3336bf803623804..b7704b37f840996b7284bab98a02596486ab1c98 100644 (file)
--- a/nscd/nscd.c
+++ b/nscd/nscd.c
@@ -451,33 +451,36 @@ parse_opt (int key, char *arg, struct argp_state *state)
 static char *
 more_help (int key, const char *text, void *input)
 {
-  char *tables, *tp = NULL;
-
   switch (key)
     {
     case ARGP_KEY_HELP_EXTRA:
       {
-       dbtype cnt;
+       /* We print some extra information.  */
 
-       tables = xmalloc (sizeof (dbnames) + 1);
-       for (cnt = 0; cnt < lastdb; cnt++)
+       char *tables = xstrdup (dbnames[0]);
+       for (dbtype i = 1; i < lastdb; ++i)
          {
-           strcat (tables, dbnames[cnt]);
-           strcat (tables, " ");
+           char *more_tables;
+           if (asprintf (&more_tables, "%s %s", tables, dbnames[i]) < 0)
+             more_tables = NULL;
+           free (tables);
+           if (more_tables == NULL)
+             return NULL;
+           tables = more_tables;
          }
-      }
 
-      /* We print some extra information.  */
-      if (asprintf (&tp, gettext ("\
+       char *tp;
+       if (asprintf (&tp, gettext ("\
 Supported tables:\n\
 %s\n\
 \n\
 For bug reporting instructions, please see:\n\
 %s.\n\
 "), tables, REPORT_BUGS_TO) < 0)
-       tp = NULL;
-      free (tables);
-      return tp;
+         tp = NULL;
+       free (tables);
+       return tp;
+      }
 
     default:
       break;
@@ -622,15 +625,15 @@ monitor_child (int fd)
        }
 
       if (WIFEXITED (status))
-        {
-          child_ret = WEXITSTATUS (status);
-          fprintf (stderr, _("child exited with status %d\n"), child_ret);
-        }
+       {
+         child_ret = WEXITSTATUS (status);
+         fprintf (stderr, _("child exited with status %d\n"), child_ret);
+       }
       if (WIFSIGNALED (status))
-        {
-          child_ret = WTERMSIG (status);
-          fprintf (stderr, _("child terminated by signal %d\n"), child_ret);
-        }
+       {
+         child_ret = WTERMSIG (status);
+         fprintf (stderr, _("child terminated by signal %d\n"), child_ret);
+       }
     }
 
   /* We have the child status, so exit with that code.  */

diff --git a/nscd/nscd_conf.c b/nscd/nscd_conf.c
index 7856ed9b5a3ae0656630609a1ece92346794fbc3..c8e194d3e21fd8acef0872058517cd9468eb3fb8 100644 (file)
--- a/nscd/nscd_conf.c
+++ b/nscd/nscd_conf.c
@@ -32,9 +32,6 @@
 #include "dbg_log.h"
 #include "nscd.h"
 
-/* Wrapper functions with error checking for standard functions.  */
-extern char *xstrdup (const char *s);
-
 
 /* Names of the databases.  */
 const char *const dbnames[lastdb] =