File glibc-2.6-nscd-mapping.diff of Package glibc

Overview Repositories Revisions Requests Users Attributes Meta

File glibc-2.6-nscd-mapping.diff of Package glibc

--- nscd/nscd-client.h.old	2007-11-13 22:41:00.994967232 +0000
+++ nscd/nscd-client.h	2007-11-13 22:42:26.389985216 +0000
@@ -257,6 +257,7 @@
   const char *data;
   size_t mapsize;
   int counter;		/* > 0 indicates it is usable.  */
+  size_t datasize;
 };
 #define NO_MAPPING ((struct mapped_database *) -1l)
 
--- nscd/nscd_helper.c.old	2007-11-13 22:41:36.508568344 +0000
+++ nscd/nscd_helper.c	2007-11-13 22:42:26.388985368 +0000
@@ -288,6 +288,7 @@
       newp->data = ((char *) mapping + head.header_size
 		    + roundup (head.module * sizeof (ref_t), ALIGN));
       newp->mapsize = size;
+      newp->datasize = head.data_size;
       /* Set counter to 1 to show it is usable.  */
       newp->counter = 1;
 
@@ -338,7 +339,8 @@
       /* If not mapped or timestamp not updated, request new map.  */
       if (cur == NULL
 	  || (cur->head->nscd_certainly_running == 0
-	      && cur->head->timestamp + MAPPING_TIMEOUT < time (NULL)))
+	      && cur->head->timestamp + MAPPING_TIMEOUT < time (NULL))
+	  || cur->head->data_size > cur->datasize)
 	cur = get_mapping (type, name, &mapptr->mapped);
 
       if (__builtin_expect (cur != NO_MAPPING, 1))
@@ -363,25 +365,29 @@
 		     const struct mapped_database *mapped)
 {
   unsigned long int hash = __nis_hash (key, keylen) % mapped->head->module;
+  size_t datasize = mapped->datasize;
 
   ref_t work = mapped->head->array[hash];
-  while (work != ENDREF)
+  while (work != ENDREF && work + sizeof (struct hashentry) <= datasize)
     {
       struct hashentry *here = (struct hashentry *) (mapped->data + work);
 
 #ifndef _STRING_ARCH_unaligned
       /* Although during garbage collection when moving struct hashentry
 	 records around we first copy from old to new location and then
 	 adjust pointer from previous hashentry to it, there is no barrier
 	 between those memory writes.  It is very unlikely to hit it,
 	 so check alignment only if a misaligned load can crash the
 	 application.  */
       if ((uintptr_t) here & (__alignof__ (*here) - 1))
 	return NULL;
 #endif
 
-      if (type == here->type && keylen == here->len
-	  && memcmp (key, mapped->data + here->key, keylen) == 0)
+      if (type == here->type
+	  && keylen == here->len
+	  && here->key + here->len <= datasize
+	  && memcmp (key, mapped->data + here->key, keylen) == 0
+	  && here->packet + sizeof (struct datahead) <= datasize)
 	{
 	  /* We found the entry.  Increment the appropriate counter.  */
 	  const struct datahead *dh
@@ -378,8 +384,7 @@
 
 	  /* See whether we must ignore the entry or whether something
 	     is wrong because garbage collection is in progress.  */
-	  if (dh->usable && ((char *) dh + dh->allocsize
-			     <= (char *) mapped->head + mapped->mapsize))
+	  if (dh->usable && here->packet + dh->allocsize <= datasize)
 	    return dh;
 	}

Places

File glibc-2.6-nscd-mapping.diff of Package glibc

Places