[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()

2011-05-25 Thread Bug Watch Updater 
Launchpad has imported 3 comments from the remote bug at
http://sourceware.org/bugzilla/show_bug.cgi?id=1363.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2005-09-22T14:18:28+00:00 Kees-verruijt-redwood wrote:

nscd_getpw_r() will free() on a static buffer passed in to it when called by
getpwnam() and friends.

This can be seen by simple code inspection in nscd/nscd_getpw_r.c.
(discussion is based on CVS version 1.30 which is the current MAIN). The
following excerpt are a few lines of nscd/nscd_getpw_r.c:

86:nscd_getpw_r (...)
96: retry:;
142:   resultbuf-pw_uid = pw_resp-pw_uid;
203:   if (__nscd_drop_map_ref (mapped, gc_cycle) != 0  retval != -1)
230: free (resultbuf);
232: goto retry;

The above shows that if there has been a GC cycle that resultbuf is freed and
then reused in the next retry. That's incorrect. It is also incorrect in that
resultbuf is passed in, and it can be a buffer that's not from the heap. 

This turns up in a simple getpwnam() call made during a GC cycle. This tries to
free the resbuf in getpwnam and thus dumps core.

Suggested fix: remove free(resultbuf) (line 230).

Reply at: https://bugs.launchpad.net/glibc/+bug/327705/comments/0


On 2005-09-22T14:30:22+00:00 Kees-verruijt-redwood wrote:

Created attachment 665
glibc_1363_testcase1.c

C source that might coredump; it just calls getpwnam() on different
non-existing users. It coredumps the first call after the nscd daemon does GC.

This is easiest to see by running the attached program and nscd -d -d -d -d
in two adjacent sessions. As soon as I see remove GETPWBYNAME entry .
by nscd the test program aborts.

(Originally found on SuSE 9.3 x86_64 w/ glibc-2.3.4-23.4)

Reply at: https://bugs.launchpad.net/glibc/+bug/327705/comments/1


On 2005-09-22T14:37:02+00:00 Drepper-fsp wrote:

Fixed on CVS trunk.

Reply at: https://bugs.launchpad.net/glibc/+bug/327705/comments/2


** Changed in: glibc
   Importance: Unknown = Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/327705

Title:
  nscd_getpw_r in libc6 crashes due to invalid free()

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()

2010-04-27 Thread Rune Philosof 
Has this been released for dapper drake (it does have lts for servers
still) and following releases?

-- 
nscd_getpw_r in libc6 crashes due to invalid free()
https://bugs.launchpad.net/bugs/327705
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()

2010-04-27 Thread gcc 
I don't see the issue any more on Dapper.

-- 
nscd_getpw_r in libc6 crashes due to invalid free()
https://bugs.launchpad.net/bugs/327705
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()

2009-02-10 Thread C. Cooke 
 Thanks for reporting this bug and any supporting documentation. Since
this bug has enough information provided for a developer to begin work,
I'm going to mark it as confirmed and let them handle it from here.
Thanks for taking the time to make Ubuntu better!

** Bug watch added: Red Hat Bugzilla #169813
   https://bugzilla.redhat.com/show_bug.cgi?id=169813

** Also affects: glibc via
   https://bugzilla.redhat.com/show_bug.cgi?id=169813
   Importance: Unknown
   Status: Unknown

** Changed in: glibc
 Bugwatch: Red Hat Bugzilla #169813 = Sourceware.org Bugzilla #1363

** Changed in: glibc (Ubuntu)
   Status: New = Confirmed

-- 
nscd_getpw_r in libc6 crashes due to invalid free()
https://bugs.launchpad.net/bugs/327705
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 327705] Re: nscd_getpw_r in libc6 crashes due to invalid free()

2009-02-10 Thread Bug Watch Updater 
** Changed in: glibc
   Status: Unknown = Fix Released

-- 
nscd_getpw_r in libc6 crashes due to invalid free()
https://bugs.launchpad.net/bugs/327705
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs