I found two sssd_nss bugs pretty much by accident.
[PATCH 1/2] NSS: keep a pointer to body after body is reallocated
When memory is reallocated with talloc_realloc, the original pointer might be relocated elsewhere. The "fullname" pointer used to point to the original location before realloc, which led to use-after-free issues.
[PATCH 2/2] Use sized_string correctly in FQDN domains
We were using the structure itself instead of the string pointer, which led to crashes when the domain was fully qualified.
On Mon, 2012-05-14 at 16:05 +0200, Jakub Hrozek wrote:
> I found two sssd_nss bugs pretty much by accident.
> [PATCH 1/2] NSS: keep a pointer to body after body is reallocated
> When memory is reallocated with talloc_realloc, the original pointer might be relocated elsewhere. The "fullname" pointer used to point to the original location before realloc, which led to use-after-free issues.
> [PATCH 2/2] Use sized_string correctly in FQDN domains
> We were using the structure itself instead of the string pointer, which led to crashes when the domain was fully qualified.
Ack to both.
On Mon, 2012-05-14 at 15:48 -0400, Stephen Gallagher wrote:
> On Mon, 2012-05-14 at 16:05 +0200, Jakub Hrozek wrote:
>> I found two sssd_nss bugs pretty much by accident.
>> [PATCH 1/2] NSS: keep a pointer to body after body is reallocated
>> When memory is reallocated with talloc_realloc, the original pointer might be relocated elsewhere. The "fullname" pointer used to point to the original location before realloc, which led to use-after-free issues.
>> [PATCH 2/2] Use sized_string correctly in FQDN domains
>> We were using the structure itself instead of the string pointer, which led to crashes when the domain was fully qualified.
> Ack to both.
Pushed to master.
sssd-devel@lists.fedorahosted.org
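
The stale-pointer pattern described in PATCH 1/2, as an added example that is not code from the patches or from SSSD: a response body grows while a name field inside it is still being filled in. It assumes plain `realloc` as a stand-in for `talloc_realloc`; `struct body`, `body_grow` and `add_entry` are hypothetical names, and the sample strings are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable response body; not SSSD's own types. */
struct body { uint8_t *data; size_t len; };

/* Grow the body by n bytes and return the OFFSET of the new region
 * ((size_t)-1 on failure). Like talloc_realloc, realloc may move the
 * block, so every pointer into the old data is stale after this call. */
static size_t body_grow(struct body *b, size_t n)
{
    uint8_t *p = realloc(b->data, b->len + n);
    if (p == NULL) return (size_t)-1;
    b->data = p;
    b->len += n;
    return b->len - n;
}

/* Append "name@domain\0" followed by a second field. The qualified name
 * is completed only after the second growth, which is where a cached
 * pointer would dangle. Returns the offset of the name, or (size_t)-1. */
static size_t add_entry(struct body *b, const char *name,
                        const char *domain, const char *extra)
{
    size_t nlen = strlen(name), dlen = strlen(domain);
    size_t name_off = body_grow(b, nlen + 1 + dlen + 1);
    if (name_off == (size_t)-1) return (size_t)-1;
    memcpy(b->data + name_off, name, nlen);
    /* BUG pattern: char *fullname = (char *)b->data + name_off; kept here
     * and written to after the next body_grow() is a use-after-free. */

    size_t extra_off = body_grow(b, strlen(extra) + 1);
    if (extra_off == (size_t)-1) return (size_t)-1;
    memcpy(b->data + extra_off, extra, strlen(extra) + 1);

    /* Fix pattern: re-derive the pointer from the current base. */
    char *fullname = (char *)b->data + name_off;
    fullname[nlen] = '@';
    memcpy(fullname + nlen + 1, domain, dlen + 1);
    return name_off;
}

int main(void)
{
    struct body b = { NULL, 0 };
    size_t off = add_entry(&b, "alice", "example.com", "constructed gecos");
    int ok = off != (size_t)-1 && strcmp((char *)b.data + off, "alice@example.com") == 0;
    free(b.data);
    return ok ? 0 : 1;
}
```

Building the buggy variant with AddressSanitizer (`-fsanitize=address`) reports the write through the cached pointer as a heap-use-after-free whenever the block moves.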