Package: schroot
Version: 1.6.10-1+b1
Severity: important
Tags: upstream patch

Hi!

The attached patch fixes an infinite allocation loop inside the passwd::query_name, passwd::query_uid, group::query_gid and group::query_name functions. Current code simply fails with std::bad_alloc on any error, because it always retries with a bigger buffer.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages schroot depends on:
ii  libboost-filesystem1.55.0       1.55.0+dfsg-3
ii  libboost-iostreams1.55.0        1.55.0+dfsg-3
ii  libboost-program-options1.55.0  1.55.0+dfsg-3
ii  libboost-regex1.55.0            1.55.0+dfsg-3
ii  libboost-system1.55.0           1.55.0+dfsg-3
ii  libc6                           2.19-11
ii  libgcc1                         1:4.9.1-16
ii  libpam0g                        1.1.8-3.1
ii  libstdc++6                      4.9.1-16
ii  libuuid1                        2.20.1-5.9
ii  schroot-common                  1.6.10-1

schroot recommends no packages.

Versions of packages schroot suggests:
pn  aufs-modules | unionfs-modules  <none>
pn  btrfs-tools                     <none>
ii  debootstrap                     1.0.63
ii  lvm2                            2.02.111-2
ii  qemu-user-static                2.1+dfsg-5

-- Configuration Files:
/etc/default/schroot changed [not included]
/etc/schroot/default/fstab changed [not included]
/etc/schroot/schroot.conf changed [not included]

-- no debconf information

Description: Fixes infinite allocation on error in name queries
Don't retry with a bigger buffer if there is an error from name query calls.
This fixes error reporting in name queries.
Author: Daniel Serpell <daniel.serp...@aplik.cl>

--- schroot-1.6.10.orig/sbuild/sbuild-util.cc +++ schroot-1.6.10/sbuild/sbuild-util.cc @@ -632,7 +632,7 @@ sbuild::passwd::query_uid (uid_t uid) while ((error = getpwuid_r(uid, this, &buffer[0], buffer.capacity(), - &pwd_result))) + &pwd_result)) == ERANGE) { size <<= 1; buffer.reserve(size); @@ -655,7 +655,7 @@ sbuild::passwd::query_name (const char * while ((error = getpwnam_r(name, this, &buffer[0], buffer.capacity(), - &pwd_result))) + &pwd_result)) == ERANGE) { size <<= 1; buffer.reserve(size); @@ -741,7 +741,7 @@ sbuild::group::query_gid (gid_t gid) while ((error = getgrgid_r(gid, this, &buffer[0], buffer.capacity(), - &grp_result))) + &grp_result)) == ERANGE) { size <<= 1; buffer.reserve(size); @@ -764,7 +764,7 @@ sbuild::group::query_name (const char *n while ((error = getgrnam_r(name, this, &buffer[0], buffer.capacity(), - &grp_result))) + &grp_result)) == ERANGE) { size <<= 1; buffer.reserve(size);
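
Review bot: In the query_uid hunk (@@ -632), `size <<= 1` in the loop body still has no upper bound, so a lookup backend that keeps returning ERANGE ends in the same std::bad_alloc the report describes. Suggest stopping once `size` passes a fixed maximum and reporting that as an error instead of growing further.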
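
Review bot: In the passwd::query_name hunk (@@ -655), a non-ERANGE return from getpwnam_r now leaves the loop with `error` non-zero, and the code after the loop is not visible in this context. Please confirm that it tests `error` before looking at `pwd_result`, so that a failed lookup is reported as a failure and is not treated the same as "no such user". The same applies to the other three functions.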
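
Review bot: In the query_gid hunk (@@ -741), the context lines pass `&buffer[0]` with `buffer.capacity()` as the length and grow the storage with `buffer.reserve(size)`. If `buffer` is a standard container, reserve() does not change size(), so getgrgid_r writes outside the container's valid range. Not introduced by this patch, but while the loops are being touched, consider switching to resize() and passing size().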
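
Review bot: The group::query_name hunk (@@ -764) is the fourth copy of the same one-line change to the same retry loop. A shared helper that takes the lookup call and owns the buffer growth would put the ERANGE test in one place and keep the four functions from drifting apart the next time the loop changes.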
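
An added example, not part of the original report or of schroot's code: one way to write the retry loop so that only ERANGE grows the buffer, growth is capped, and "not found" is kept apart from a failed lookup. The names `lookup_fn`, `lookup_status`, `query_with_retry` and `query_passwd_name`, the 1024-byte starting size and the 1 MiB cap are assumptions made for illustration.

```cpp
// Added example: bounded ERANGE retry around a getpwnam_r-style lookup.
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <functional>
#include <pwd.h>
#include <vector>

// Hypothetical names (not from schroot): lookup_fn, lookup_status, query_with_retry.
using lookup_fn = std::function<int(struct passwd*, char*, std::size_t, struct passwd**)>;

enum class lookup_status { found, not_found, failed, too_large };

// Call `fn`, doubling the buffer only on ERANGE and never beyond `max_size`
// (the 1 MiB default is an assumed limit). On return, `err` holds fn's last code.
lookup_status query_with_retry(const lookup_fn& fn, struct passwd& out,
                               std::vector<char>& buffer, int& err,
                               std::size_t max_size = 1 << 20)
{
    if (buffer.empty()) buffer.resize(1024);
    struct passwd* result = nullptr;
    while ((err = fn(&out, buffer.data(), buffer.size(), &result)) == ERANGE) {
        if (buffer.size() >= max_size) return lookup_status::too_large;
        buffer.resize(buffer.size() * 2);  // resize, so size() covers the storage
    }
    if (err != 0) return lookup_status::failed;  // e.g. EIO: report, do not retry
    return result ? lookup_status::found : lookup_status::not_found;
}

// Real use: wrap getpwnam_r for one user name.
lookup_status query_passwd_name(const char* name, struct passwd& out,
                                std::vector<char>& buffer, int& err)
{
    return query_with_retry(
        [name](struct passwd* p, char* b, std::size_t n, struct passwd** r) {
            return getpwnam_r(name, p, b, n, r);
        }, out, buffer, err);
}

int main()
{
    struct passwd pw;
    std::vector<char> buf;
    int err = 0;
    lookup_status s = query_passwd_name("root", pw, buf, err);
    std::printf("status=%d err=%d buffer=%zu\n", static_cast<int>(s), err, buf.size());
    return s == lookup_status::failed ? 1 : 0;
}
```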