nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]

addinnetgrX may use the heap-allocated buffer, so free the buffer in this function.
author: Florian Weimer <fweimer@redhat.com> 2018-08-28 13:19:27 +0200
committer: Florian Weimer <fweimer@redhat.com> 2018-08-28 13:19:27 +0200
commit: 745664bd798ec8fd50438605948eea594179fba1 (patch)
tree: bd3d398aadf036f461f972116914afeac0adb3bb /ChangeLog
parent: c8dd67e7c958de04c3783cbea7c384431707b5f8 (diff)
download: glibc-745664bd798ec8fd50438605948eea594179fba1.tar
glibc-745664bd798ec8fd50438605948eea594179fba1.tar.gz
glibc-745664bd798ec8fd50438605948eea594179fba1.tar.bz2
glibc-745664bd798ec8fd50438605948eea594179fba1.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 2a250970e4..3995e4b536 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-08-28  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #23520]
+	nscd: Fix use-after-free in addgetnetgrentX and its callers.
+	* nscd/netgroupcache.c
+	(addgetnetgrentX): Add tofreep parameter.  Do not free
+	heap-allocated buffer.
+	(addinnetgrX): Free buffer allocated bt addgetnetgrentX.
+	(addgetnetgrentX_ignore): New function.
+	(addgetnetgrent): Call it.
+	(readdgetnetgrent): Likewise.
+
 2018-08-28  Rajalakshmi Srinivasaraghavan  <raji@linux.vnet.ibm.com>
 
 	* string/memmem.c: Use memcmp for first match.
author	Florian Weimer <fweimer@redhat.com>	2018-08-28 13:19:27 +0200
committer	Florian Weimer <fweimer@redhat.com>	2018-08-28 13:19:27 +0200
commit	745664bd798ec8fd50438605948eea594179fba1 (patch)
tree	bd3d398aadf036f461f972116914afeac0adb3bb /ChangeLog
parent	c8dd67e7c958de04c3783cbea7c384431707b5f8 (diff)
download	glibc-745664bd798ec8fd50438605948eea594179fba1.tar glibc-745664bd798ec8fd50438605948eea594179fba1.tar.gz glibc-745664bd798ec8fd50438605948eea594179fba1.tar.bz2 glibc-745664bd798ec8fd50438605948eea594179fba1.zip