CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/07 12:22:26
Modified files:
lib/libc/gen : getgrent.c
Log message:
A collection of AI-assisted reports come from Frank Denis, which says that
the YP getgrent code when doing YP operations has a group of buffer
mismanagement issues which in the reports are labelled 'high severity'.
This fixes the buffer checks.
The big question to ask is this: Is a malicious YP server going to
send you messages that exercise a buffer overflow codepath, or are
they going to send you perfectly correct messages containing wrong group
members?
The old-school ypserv model was that you run ypserv on a "trusted network"
segment, which today is laughable but it matched operations in that era.
(Our) new operational model is that ypbind is reached with a custom system call
and provides trusted path to a an on-host ypserv, which is more likely to be
the ypldap(8) LDAP schema to YP protocol converter.
If a YP server is broken and sending bad messages, THIS code is the least
of your worries. High severity? No.
ok millert jmatthew
