Adjust pointers to triplets in netgroup query data (BZ #16474)

The _nss_*_getnetgrent_r query populates the netgroup results in the
allocated buffer and then sets the result triplet to point to strings
in the buffer.  This is a problem when the buffer is reallocated since
the pointers to the triplet strings are no longer valid.  The pointers
need to be adjusted so that they now point to strings in the
reallocated buffer.

diff --git a/ChangeLog b/ChangeLog
index 0f4453ec7fac4fead5aca40f6249aeb44a9442f8..1d19695a17ac9e2cd55a5cedf3366d91233d363f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-01-24  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+       [BZ #16474]
+       * nscd/netgroupcache.c (addgetnetgrentX): Adjust triplet
+       string pointers after reallocation.
+
 2014-01-24  Kaz Kojima  <kkojima@rr.iij4u.or.jp>
 
        * sysdeps/unix/sysv/linux/sh/sys/ucontext.h: Use __SH4__ and

diff --git a/NEWS b/NEWS
index f4f22a8f3e5d46c66861607f6a70f69d17e93c12..5601403ee8ede16b3eb2494aa11d5c01ae487654 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,7 +25,7 @@ Version 2.19
   16151, 16153, 16167, 16169, 16172, 16195, 16214, 16245, 16271, 16274,
   16283, 16289, 16293, 16314, 16316, 16330, 16337, 16338, 16356, 16365,
   16366, 16369, 16372, 16375, 16379, 16384, 16385, 16386, 16387, 16390,
-  16394, 16400, 16407, 16408, 16414, 16430, 16431, 16453.
+  16394, 16400, 16407, 16408, 16414, 16430, 16431, 16453, 16474.
 
 * Slovenian translations for glibc messages have been contributed by the
   Translation Project's Slovenian team of translators.

diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 58234b1492380ee9a18b1e4c53beb2dd38bd0e4f..924567c3f3af16798c6f709d457a821f1493ab52 100644 (file)
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,7 +241,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
                                if (buflen - req->key_len - bufused < needed)
                                  {
                                    buflen += MAX (buflen, 2 * needed);
-                                   buffer = xrealloc (buffer, buflen);
+                                   char *newbuf = xrealloc (buffer, buflen);
+                                   /* Adjust the pointers in the new
+                                      buffer.  */
+                                   nhost = (nhost ? newbuf + (nhost - buffer)
+                                            : NULL);
+                                   nuser = (nuser ? newbuf + (nuser - buffer)
+                                            : NULL);
+                                   ndomain = (ndomain
+                                              ? newbuf + (ndomain - buffer)
+                                              : NULL);
+                                   buffer = newbuf;
                                  }
 
                                nhost = memcpy (buffer + bufused,