r5266 - in glibc-package/branches/glibc-branch-squeeze/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r5266 - in glibc-package/branches/glibc-branch-squeeze/debian: . patches patches/any
From: Aurelien Jarno <aurel32@alioth.debian.org>
Date: Sat, 2 Jun 2012 20:23:32 +0000
Message-id: <[🔎] E1SaurF-0000fd-Nm@vasks.debian.org>

Author: aurel32
Date: 2012-06-02 20:23:32 +0000 (Sat, 02 Jun 2012)
New Revision: 5266

Added:
   glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff
Modified:
   glibc-package/branches/glibc-branch-squeeze/debian/changelog
   glibc-package/branches/glibc-branch-squeeze/debian/patches/series
Log:
  * patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
    (CVE-2011-4609).  Closes: #671478.



Modified: glibc-package/branches/glibc-branch-squeeze/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/changelog	2012-06-02 20:12:37 UTC (rev 5265)
+++ glibc-package/branches/glibc-branch-squeeze/debian/changelog	2012-06-02 20:23:32 UTC (rev 5266)
@@ -5,6 +5,8 @@
   * patches/any/cvs-FORTIFY_SOURCE-format-strings.diff: new patch from
     upstream to fix FORTIFY_SOURCE format string protection bypass.  Closes:
     #660611.
+  * patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
+    (CVE-2011-4609).  Closes: #671478.
 
  -- Aurelien Jarno <aurel32@debian.org>  Thu, 26 Apr 2012 18:01:39 +0200
 

Added: glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff	2012-06-02 20:23:32 UTC (rev 5266)
@@ -0,0 +1,92 @@
+Origin: Red Hat, glibc-2.12-1.47.el6_2.5.src.rpm:glibc-rh767692-2.patch
+Bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716
+Subject: DoS in RPC implementation
+
+CVE-2011-4069
+
+
+---
+ sunrpc/svc_tcp.c  |    6 ++++++
+ sunrpc/svc_udp.c  |   13 +++++++++++--
+ sunrpc/svc_unix.c |    6 ++++++
+ 3 files changed, 23 insertions(+), 2 deletions(-)
+
+Index: b/sunrpc/svc_tcp.c
+===================================================================
+--- a/sunrpc/svc_tcp.c
++++ b/sunrpc/svc_tcp.c
+@@ -44,6 +44,7 @@
+ #include <sys/poll.h>
+ #include <errno.h>
+ #include <stdlib.h>
++#include <time.h>
+ 
+ #ifdef USE_IN_LIBIO
+ # include <wchar.h>
+@@ -243,6 +244,11 @@ again:
+     {
+       if (errno == EINTR)
+ 	goto again;
++      if (errno == EMFILE)
++        {
++          struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++          __nanosleep(&ts , NULL);
++        }
+       return FALSE;
+     }
+   /*
+Index: b/sunrpc/svc_udp.c
+===================================================================
+--- a/sunrpc/svc_udp.c
++++ b/sunrpc/svc_udp.c
+@@ -40,6 +40,7 @@
+ #include <sys/socket.h>
+ #include <errno.h>
+ #include <libintl.h>
++#include <time.h>
+ 
+ #ifdef IP_PKTINFO
+ #include <sys/uio.h>
+@@ -272,8 +273,16 @@ again:
+ 		       (int) su->su_iosz, 0,
+ 		       (struct sockaddr *) &(xprt->xp_raddr), &len);
+   xprt->xp_addrlen = len;
+-  if (rlen == -1 && errno == EINTR)
+-    goto again;
++  if (rlen == -1)
++    {
++      if (errno == EINTR)
++        goto again;
++      if (errno == EMFILE)
++        {
++          struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++          __nanosleep(&ts , NULL);
++        }
++    }
+   if (rlen < 16)		/* < 4 32-bit ints? */
+     return FALSE;
+   xdrs->x_op = XDR_DECODE;
+Index: b/sunrpc/svc_unix.c
+===================================================================
+--- a/sunrpc/svc_unix.c
++++ b/sunrpc/svc_unix.c
+@@ -46,6 +46,7 @@
+ #include <errno.h>
+ #include <stdlib.h>
+ #include <libintl.h>
++#include <time.h>
+ 
+ #ifdef USE_IN_LIBIO
+ # include <wchar.h>
+@@ -245,6 +246,11 @@ again:
+     {
+       if (errno == EINTR)
+ 	goto again;
++      if (errno == EMFILE)
++        {
++          struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++          __nanosleep(&ts , NULL);
++        }
+       return FALSE;
+     }
+   /*

Modified: glibc-package/branches/glibc-branch-squeeze/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/patches/series	2012-06-02 20:12:37 UTC (rev 5265)
+++ glibc-package/branches/glibc-branch-squeeze/debian/patches/series	2012-06-02 20:23:32 UTC (rev 5266)
@@ -274,3 +274,4 @@
 any/submitted-resolv-first-query-failure.diff
 any/cvs-dlopen-tls.diff
 any/cvs-FORTIFY_SOURCE-format-strings.diff
+any/local-sunrpc-dos.diff

Reply to:

Prev by Date: r5265 - in glibc-package/trunk/debian: . patches patches/any
Next by Date: r5267 - glibc-package/trunk/debian/control.in
Previous by thread: r5265 - in glibc-package/trunk/debian: . patches patches/any
Next by thread: r5267 - glibc-package/trunk/debian/control.in
Index(es):
- Date
- Thread