oss-sec mailing list archives

Re: Out-of-bounds read & write in the glibc's qsort()

From: Qualys Security Advisory <qsa () qualys com>
Date: Tue, 25 Jun 2024 12:15:22 +0000

Hi Douglas,

On Tue, Jun 25, 2024 at 11:49:40AM +1200, Douglas Bagnall wrote:

So Samba was very susceptible to this bug. The good news is
ldb_qsort() is not used in very many places, and some of those places
already used transitive comparison functions. The other good news is
that *now* it is patched with the "tmp_ptr > base_ptr &&" fix. And the
third good news is that the comparison functions are fixed. That's in
4.19.7 and 4.20.2.


This is really interesting, thank you very much for your work on all
this and for taking the time to write this detailed analysis! We are
extremely happy that our advisory has been useful.

With best regards,

-- 
the Qualys Security Advisory team

Current thread:

Re: Out-of-bounds read & write in the glibc's qsort() Douglas Bagnall (Jun 24)
- Re: Out-of-bounds read & write in the glibc's qsort() Qualys Security Advisory (Jun 25)