[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6303) Buffer overflow with new glibc

jzeleny@redhat.com writes:
> I guess new version of glibc has some kind of mechanism which is
> checking boundaries of structures and isn't allowing write out of
> those boundaries.

Could you test if this works instead?
If that doesn't work, similar code elsewhere may be in danger.

Not that it's important in this case since the back-ldif code
isn't run often.  It just avoids one malloc, one check for whether
that succeeded, and one free.  Your patch forgot the last two.

Actually the boundary check you mention is exactly the problem the
BVL_NAME macro avoids, though I'm not sure why I didn't just use
the standard "struct hack".  Maybe the problem is with padding
bytes after fname.  Anyway, I suppose this means the old "struct
hack" is now definitely getting dangerous to use.

Whatever is going on, I'd like to find out.  Which versions of gcc
and glibc, and which architecture is this?  (32-bit i683, 64-bit
amd, etc).  And if it doesn't take much time, could you try if
these variants fix the problem too?
I don't plan to use them, we can use your variant if my first
patch doesn't work.  I'm just curious what's going on.