r5039 - in glibc-package/trunk/debian: . patches patches/hurd-i386
Author: sthibault
Date: 2011-11-21 07:55:28 +0000 (Mon, 21 Nov 2011)
New Revision: 5039
Added:
glibc-package/trunk/debian/patches/hurd-i386/submitted-_hurd_socket_server-indexcheck.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/patches/series
Log:
New patch from Pino Toscano to fix crash or spurious deallocation on bogus input.
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2011-11-12 14:03:09 UTC (rev 5038)
+++ glibc-package/trunk/debian/changelog 2011-11-21 07:55:28 UTC (rev 5039)
@@ -45,6 +45,8 @@
* patches/hurd-i386/submitted-dup2-fix.diff: Trivially port to dup3.
* patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: New patch to
brown-tape fix iceweasel.
+ * patches/hurd-i386/submitted-_hurd_socket_server-indexcheck.diff: New patch
+ from Pino Toscano to fix crash or spurious deallocation on bogus input.
[ Petr Salinger ]
* kfreebsd/local-sysdeps.diff: update to revision 3763 (from glibc-bsd).
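Review bot: The added changelog entry words the fix as "crash or spurious deallocation on bogus input", which undersells what the patch header in this same revision states: out-of-bounds reads and writes on the `servers' array when the socket domain is negative. Suggest naming _hurd_socket_server and the negative-domain index in the entry, so the memory-safety nature of the change can be found from the changelog alone.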
Added: glibc-package/trunk/debian/patches/hurd-i386/submitted-_hurd_socket_server-indexcheck.diff
===================================================================
--- glibc-package/trunk/debian/patches/hurd-i386/submitted-_hurd_socket_server-indexcheck.diff (rev 0)
+++ glibc-package/trunk/debian/patches/hurd-i386/submitted-_hurd_socket_server-indexcheck.diff 2011-11-21 07:55:28 UTC (rev 5039)
@@ -0,0 +1,21 @@
+Refuse negative socket domains right away; otherwise, it is possible to read
+and set out-of-bounds locations of the `servers' array (returning the values
+at those invalid memory locations), and even try to deallocate ports with
+random values if the `dead' parameter is different than zero.
+
+* hurd/hurdsock.c (_hurd_socket_server): Check for negative domains.
+--- a/hurd/hurdsock.c
++++ b/hurd/hurdsock.c
+@@ -47,6 +47,12 @@
+ {
+ socket_t server;
+
++ if (domain < 0)
++ {
++ errno = EAFNOSUPPORT;
++ return MACH_PORT_NULL;
++ }
++
+ HURD_CRITICAL_BEGIN;
+ __mutex_lock (&lock);
+
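Review bot: The added `if (domain < 0)` guard in _hurd_socket_server closes only the lower bound of the `servers' index, and the visible context does not show how a domain at or past the current end of the array is handled after `__mutex_lock (&lock)`; please state that in the patch description or add the matching upper check. The early return sits before HURD_CRITICAL_BEGIN, so no lock or critical section is left held on the error path, which is correct. A one-line comment above the check saying that `domain` is used as an index into `servers' would keep the reason next to the code.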
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2011-11-12 14:03:09 UTC (rev 5038)
+++ glibc-package/trunk/debian/patches/series 2011-11-21 07:55:28 UTC (rev 5039)
@@ -162,6 +162,7 @@
hurd-i386/cvs-fork_ports.diff
hurd-i386/submitted-setresid.diff
hurd-i386/cvs-sgttyb.diff
+hurd-i386/submitted-_hurd_socket_server-indexcheck.diff
kfreebsd/submitted-libc_once.diff
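Review bot: The new series entry carries the `submitted-` prefix, but the patch file added in this revision has no header line pointing at the upstream submission (list post or bug reference). Suggest adding that reference to the patch header, so the entry can be tracked and dropped once upstream carries the check.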