From 7706dded454822b56de02666e8744337041558e0 Mon Sep 17 00:00:00 2001
From: Aleksandr Proklov <a.proklov@rosalinux.ru>
Date: Fri, 16 Apr 2021 09:23:51 +0900
Subject: [PATCH] fix CVE-2021-27645

---
 CVE-2021-27645.patch | 21 +++++++++++++++++++++
 glibc.spec           |  2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 CVE-2021-27645.patch

diff --git a/CVE-2021-27645.patch b/CVE-2021-27645.patch
new file mode 100644
index 0000000..061dd05
--- /dev/null
+++ b/CVE-2021-27645.patch
@@ -0,0 +1,21 @@
+diff -ruN a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+--- a/nscd/netgroupcache.c	2020-02-01 20:52:50.000000000 +0900
++++ b/nscd/netgroupcache.c	2021-04-16 09:10:09.046603554 +0900
+@@ -248,7 +248,7 @@
+ 					     : NULL);
+ 				    ndomain = (ndomain ? newbuf + ndomaindiff
+ 					       : NULL);
+-				    buffer = newbuf;
++				    *tofreep = buffer = newbuf;
+ 				  }
+ 
+ 				nhost = memcpy (buffer + bufused,
+@@ -319,7 +319,7 @@
+ 		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
+ 		      {
+ 			buflen *= 2;
+-			buffer = xrealloc (buffer, buflen);
++			*tofreep = buffer = xrealloc (buffer, buflen);
+ 		      }
+ 		    else if (status == NSS_STATUS_RETURN
+ 			     || status == NSS_STATUS_NOTFOUND
diff --git a/glibc.spec b/glibc.spec
index c145bad..e621fc6 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -188,6 +188,8 @@ Patch1038:	glibc-2.31.9000-aarch64-compile.patch
 Patch1039:	https://github.com/FireBurn/glibc/commit/4483f2500825a84382c2a6a9ac60fc77954533d7.patch
 Patch1040:	https://github.com/FireBurn/glibc/commit/2efa9591e5e8a129e7b73ad0dad3eecbd69482ff.patch
 
+Patch1050:	CVE-2021-27645.patch
+
 # do not remove this BR - it helps to bootstrap the generator
 BuildRequires:	devel-rpm-generators
 BuildRequires:	autoconf2.5