Hi Florian, On Wed, Aug 5, 2020 at 6:44 PM Florian Weimer <f...@deneb.enyo.de> wrote: > > * Jinpu Wang: > > > Dear Maintainer: > > > > Sorry, add some missing information below: > > > > After update to Buster, the systemd-sysusers are segfaulting every time. > > After search around, I found following bugreport in glibc > > https://sourceware.org/legacy-ml/libc-alpha/2016-06/msg01015.html > > > > I backported to the fix to 2.28-10, it fixed the problem. > > > > glibc upstream have a different fix for it in 2.32, see > > https://sourceware.org/bugzilla/show_bug.cgi?id=20338 > > > > I think it's still easier to backport the fix in msg01015.html to 2.28 > > version, > > patch attached in the initial report. > > The patch from 2016 is incomplete because it does not seek back to the > original file position, so the next call of fgetsgent_r skips over the > entry that could not be fully parsed. Thanks for quick response, can you provide a minimum bugfix, which can be easily backported to old version like 2.28? as you also make the bug 20338 as a security hole.
Regards! Jinpu