From af37a8a3496327a6e5617a2c76f17aa1e8db835e Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Mon, 27 Jan 2014 11:32:44 +0530 Subject: [PATCH] Avoid undefined behaviour in netgroupcache Using a buffer after it has been reallocated is undefined behaviour, so get offsets of the triplets in the old buffer before reallocating it. --- ChangeLog | 5 +++++ nscd/netgroupcache.c | 16 +++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1a23eba..a1f549e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2014-01-27 Siddhesh Poyarekar + + * nscd/netgroupcache.c (addgetnetgrentX): Compute offset from + the old buffer before realloc. + 2014-01-27 Allan McRae * po/fr.po: Update French translation from translation project. diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index 924567c..be01fe8 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, if (buflen - req->key_len - bufused < needed) { buflen += MAX (buflen, 2 * needed); + /* Save offset in the old buffer. We don't + bother with the NULL check here since + we'll do that later anyway. */ + size_t nhostdiff = nhost - buffer; + size_t nuserdiff = nuser - buffer; + size_t ndomaindiff = ndomain - buffer; + char *newbuf = xrealloc (buffer, buflen); - /* Adjust the pointers in the new + /* Fix up the triplet pointers into the new buffer. */ - nhost = (nhost ? newbuf + (nhost - buffer) + nhost = (nhost ? newbuf + nhostdiff : NULL); - nuser = (nuser ? newbuf + (nuser - buffer) + nuser = (nuser ? newbuf + nuserdiff : NULL); - ndomain = (ndomain - ? newbuf + (ndomain - buffer) + ndomain = (ndomain ? newbuf + ndomaindiff : NULL); buffer = newbuf; } -- 2.7.4