This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/16179] New: pointer mangling makes setnetgrent's setup racy


https://sourceware.org/bugzilla/show_bug.cgi?id=16179

            Bug ID: 16179
           Summary: pointer mangling makes setnetgrent's setup racy
           Product: glibc
           Version: 2.18
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: aoliva at sourceware dot org
                CC: drepper.fsp at gmail dot com

inet/getnetgrent_r.c:setup says:

<quote>

  static bool startp_initialized;
  static service_user *startp;
  int no_more;

  if (!startp_initialized)
    {
      /* Executing this more than once at the same time must yield the
         same result every time.  So we need no locking.  */
      no_more = __nss_netgroup_lookup (nipp, "setnetgrent", fctp);
      startp = no_more ? (service_user *) -1 : *nipp;
#ifdef PTR_MANGLE
      PTR_MANGLE (startp);
#endif

</quote>

If PTR_MANGLE is defined so as to modify startp, we will write to startp twice,
once without mangling, once with mangling, which breaks the assumption that we
need no locking: we'll have two results, one mangled, and another not mangled,
that might unexpectedly be used by a thread that won the initialization race,
if it happens to use the intermediate value written by the loser before it
computes and stores the final mangled value.

We should use an automatic variable to hold the intermediate value, mangle it
there, and only then store it in static storage.
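The two write patterns side by side, as an added model that is not code from the bug report or from glibc: the pointer guard is a constructed constant, and a store log records every value the static slot ever holds, standing in for what a thread that won the initialization race could read and demangle.

```c
#include <stdint.h>
#include <stdio.h>
#define ROT 17
/* Constructed stand-in for glibc's secret per-process pointer guard. */
static const uintptr_t pointer_guard = (uintptr_t) 0x5a5a5a5a5a5a5a5aULL;

/* xor with the guard, then rotate: the shape of x86-64 PTR_MANGLE. */
static uintptr_t ptr_mangle (uintptr_t p)
{ p ^= pointer_guard; return (p << ROT) | (p >> (8 * sizeof p - ROT)); }
static uintptr_t ptr_demangle (uintptr_t p)
{ p = (p >> ROT) | (p << (8 * sizeof p - ROT)); return p ^ pointer_guard; }

/* The static slot plus a log of every value ever stored in it: each logged
   value is a state a thread that won the race could read and demangle. */
static uintptr_t startp, store_log[4];
static size_t store_count;
static void store_startp (uintptr_t v)
{ store_log[store_count++ & 3] = startp = v; }

/* Reported pattern: raw pointer written to the static, then the static
   mangled in place, so two different values become visible in turn. */
static void setup_racy (uintptr_t result)
{
  store_startp (result);               /* startp = *nipp;      */
  store_startp (ptr_mangle (startp));  /* PTR_MANGLE (startp); */
}
/* Proposed fix: mangle in an automatic variable, store exactly once. */
static void setup_fixed (uintptr_t result)
{
  uintptr_t tmp = ptr_mangle (result);
  store_startp (tmp);
}

/* Count stored values that PTR_DEMANGLE turns into something other than
   the real pointer, i.e. garbage another thread could end up using. */
static size_t bogus_observations (void (*setup) (uintptr_t), uintptr_t real)
{
  size_t bad = 0;
  store_count = 0;
  setup (real);
  for (size_t i = 0; i < store_count; i++)
    bad += ptr_demangle (store_log[i]) != real;
  return bad;
}

int main (void)
{
  uintptr_t real = (uintptr_t) &store_count;   /* any real pointer */
  printf ("racy: %zu bogus, fixed: %zu\n", bogus_observations (setup_racy, real),
          bogus_observations (setup_fixed, real));
  return 0;
}
```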


