[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()
Launchpad has imported 3 comments from the remote bug at http://sourceware.org/bugzilla/show_bug.cgi?id=1363. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

On 2005-09-22T14:18:28+00:00 Kees-verruijt-redwood wrote:

nscd_getpw_r() will free() on a static buffer passed in to it when called by getpwnam() and friends.

This can be seen by simple code inspection in nscd/nscd_getpw_r.c. (Discussion is based on CVS version 1.30, which is the current MAIN.)

The following excerpt is a few lines of nscd/nscd_getpw_r.c:

    86: nscd_getpw_r (...)
    96: retry:;
    142: resultbuf->pw_uid = pw_resp->pw_uid;
    203: if (__nscd_drop_map_ref (mapped, gc_cycle) != 0 && retval != -1)
    230: free (resultbuf);
    232: goto retry;

The above shows that if there has been a GC cycle, resultbuf is freed and then reused in the next retry. That's incorrect. It is also incorrect in that resultbuf is passed in, and it can be a buffer that's not from the heap.

This turns up in a simple getpwnam() call made during a GC cycle. This tries to free the resbuf in getpwnam and thus dumps core.

Suggested fix: remove free(resultbuf) (line 230).

Reply at: https://bugs.launchpad.net/glibc/+bug/327705/comments/0

On 2005-09-22T14:30:22+00:00 Kees-verruijt-redwood wrote:

Created attachment 665
glibc_1363_testcase1.c

C source that might coredump; it just calls getpwnam() on different non-existing users. It coredumps on the first call after the nscd daemon does GC. This is easiest to see by running the attached program and nscd -d -d -d -d in two adjacent sessions. As soon as I see remove GETPWBYNAME entry . by nscd the test program aborts.

(Originally found on SuSE 9.3 x86_64 w/ glibc-2.3.4-23.4)

Reply at: https://bugs.launchpad.net/glibc/+bug/327705/comments/1

On 2005-09-22T14:37:02+00:00 Drepper-fsp wrote:

Fixed on CVS trunk.

Reply at: https://bugs.launchpad.net/glibc/+bug/327705/comments/2

** Changed in: glibc
   Importance: Unknown => Medium

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/327705

Title:
  nscd_getpw_r in libc6 crashes due to invalid free()

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
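The ownership problem described in the first imported comment, as an added example in C that is neither glibc source nor part of the original thread. It models the retry path with constructed names (struct result, cache_read, model_free, lookup_buggy, lookup_fixed are all hypothetical); model_free() stands in for free() and only counts calls, so the example runs without triggering the undefined behaviour of freeing a non-heap pointer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct passwd; all names here are constructed. */
struct result { unsigned uid; char name[32]; };
static int frees_of_caller_memory;   /* ownership violations observed */

/* Stand-in for free(): records the call rather than passing a non-heap
   pointer to the allocator, which is undefined behaviour. */
static void model_free(void *p) { (void)p; frees_of_caller_memory++; }

/* Constructed cache read: nonzero ("GC ran") for the first *gc_hits tries. */
static int cache_read(const char *key, struct result *out, int *gc_hits)
{
    snprintf(out->name, sizeof out->name, "%s", key);
    out->uid = 1000;
    if (*gc_hits > 0) { (*gc_hits)--; return 1; }
    return 0;
}

/* Pattern described in the report: release resultbuf, then retry into it. */
static int lookup_buggy(const char *key, struct result *resultbuf, int gc_hits)
{
retry:
    if (cache_read(key, resultbuf, &gc_hits) != 0) {
        model_free(resultbuf);   /* callee does not own this buffer */
        goto retry;              /* next pass writes to released memory */
    }
    return 0;
}

/* Reporter's suggested fix: no free, the caller keeps ownership. */
static int lookup_fixed(const char *key, struct result *resultbuf, int gc_hits)
{
    while (cache_read(key, resultbuf, &gc_hits) != 0)
        ;                        /* retry with the same caller buffer */
    return 0;
}

int main(void)
{
    static struct result resbuf; /* static, like the buffer getpwnam() passes in */
    lookup_buggy("nosuchuser", &resbuf, 1);
    printf("buggy: %d free() call(s) on caller memory\n", frees_of_caller_memory);
    frees_of_caller_memory = 0;
    lookup_fixed("nosuchuser", &resbuf, 1);
    printf("fixed: %d free() call(s) on caller memory\n", frees_of_caller_memory);
    return 0;
}
```
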
[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()
Has this been released for Dapper Drake (it does have LTS for servers still) and following releases?
[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()
I don't see the issue any more on Dapper.
[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()
Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as confirmed and let them handle it from here. Thanks for taking the time to make Ubuntu better!

** Bug watch added: Red Hat Bugzilla #169813
   https://bugzilla.redhat.com/show_bug.cgi?id=169813

** Also affects: glibc via
   https://bugzilla.redhat.com/show_bug.cgi?id=169813
   Importance: Unknown
   Status: Unknown

** Changed in: glibc
   Bugwatch: Red Hat Bugzilla #169813 => Sourceware.org Bugzilla #1363

** Changed in: glibc (Ubuntu)
   Status: New => Confirmed
[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()
** Changed in: glibc
   Status: Unknown => Fix Released