Bug#296490: libc6: getgrnam segfault (using __nscd_getgrnam_r)
Package: libc6
Version: 2.3.2.ds1-20
Severity: normal
Tags: patch
Calling getgrnam() with a NULL argument, with group in /etc/nsswitch.conf set to 'compat' can cause a segfault
in __nscd_getgrnam_r due to a lack of a check for a NULL string before doing strlen(). I've attached a patch,
but this is untested due to the amount of time (+amount of perceived risk) of replacing libc6 with a
self-modified version. However, it's a two-line fix, so *should* be ok.
-- System Information:
Debian Release: 3.0
APT prefers testing
APT policy: (103, 'testing'), (102, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages libc6 depends on:
ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl
-- no debconf information
--- nscd/nscd_getgr_r.c Tue Feb 22 19:45:06 2005
+++ nscd/nscd_getgr_r.c.fixed Tue Feb 22 19:44:33 2005
@@ -42,6 +42,8 @@
__nscd_getgrnam_r (const char *name, struct group *resultbuf, char *buffer,
size_t buflen)
{
+ if (name == NULL)
+ return NULL;
return nscd_getgr_r (name, strlen (name) + 1, GETGRBYNAME, resultbuf,
buffer, buflen);
}
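Review bot: the added `return NULL;` at the top of __nscd_getgrnam_r may not match the function's return convention. The return type is outside the hunk, but the existing return forwards the result of nscd_getgr_r, and the resultbuf/buffer/buflen parameters point to a reentrant interface that reports a status code rather than a pointer. If the type is an integer, NULL converts to 0, and a caller could read that as success while resultbuf is left unfilled. Suggest returning the value this function already uses to signal failure or "not found", and building and running the change, since the report states the patch is untested. It is also worth checking whether the NULL name should be rejected earlier, in getgrnam() itself, so that lookups which do not go through nscd get the same guard.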