r5266 - in glibc-package/branches/glibc-branch-squeeze/debian: . patches patches/any
Author: aurel32
Date: 2012-06-02 20:23:32 +0000 (Sat, 02 Jun 2012)
New Revision: 5266
Added:
glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff
Modified:
glibc-package/branches/glibc-branch-squeeze/debian/changelog
glibc-package/branches/glibc-branch-squeeze/debian/patches/series
Log:
* patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
(CVE-2011-4609). Closes: #671478.
Modified: glibc-package/branches/glibc-branch-squeeze/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/changelog 2012-06-02 20:12:37 UTC (rev 5265)
+++ glibc-package/branches/glibc-branch-squeeze/debian/changelog 2012-06-02 20:23:32 UTC (rev 5266)
@@ -5,6 +5,8 @@
* patches/any/cvs-FORTIFY_SOURCE-format-strings.diff: new patch from
upstream to fix FORTIFY_SOURCE format string protection bypass. Closes:
#660611.
+ * patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
+ (CVE-2011-4609). Closes: #671478.
-- Aurelien Jarno <aurel32@debian.org> Thu, 26 Apr 2012 18:01:39 +0200
Added: glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff (rev 0)
+++ glibc-package/branches/glibc-branch-squeeze/debian/patches/any/local-sunrpc-dos.diff 2012-06-02 20:23:32 UTC (rev 5266)
@@ -0,0 +1,92 @@
+Origin: Red Hat, glibc-2.12-1.47.el6_2.5.src.rpm:glibc-rh767692-2.patch
+Bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716
+Subject: DoS in RPC implementation
+
+CVE-2011-4069
+
+
+---
+ sunrpc/svc_tcp.c | 6 ++++++
+ sunrpc/svc_udp.c | 13 +++++++++++--
+ sunrpc/svc_unix.c | 6 ++++++
+ 3 files changed, 23 insertions(+), 2 deletions(-)
+
+Index: b/sunrpc/svc_tcp.c
+===================================================================
+--- a/sunrpc/svc_tcp.c
++++ b/sunrpc/svc_tcp.c
+@@ -44,6 +44,7 @@
+ #include <sys/poll.h>
+ #include <errno.h>
+ #include <stdlib.h>
++#include <time.h>
+
+ #ifdef USE_IN_LIBIO
+ # include <wchar.h>
+@@ -243,6 +244,11 @@ again:
+ {
+ if (errno == EINTR)
+ goto again;
++ if (errno == EMFILE)
++ {
++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++ __nanosleep(&ts , NULL);
++ }
+ return FALSE;
+ }
+ /*
+Index: b/sunrpc/svc_udp.c
+===================================================================
+--- a/sunrpc/svc_udp.c
++++ b/sunrpc/svc_udp.c
+@@ -40,6 +40,7 @@
+ #include <sys/socket.h>
+ #include <errno.h>
+ #include <libintl.h>
++#include <time.h>
+
+ #ifdef IP_PKTINFO
+ #include <sys/uio.h>
+@@ -272,8 +273,16 @@ again:
+ (int) su->su_iosz, 0,
+ (struct sockaddr *) &(xprt->xp_raddr), &len);
+ xprt->xp_addrlen = len;
+- if (rlen == -1 && errno == EINTR)
+- goto again;
++ if (rlen == -1)
++ {
++ if (errno == EINTR)
++ goto again;
++ if (errno == EMFILE)
++ {
++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++ __nanosleep(&ts , NULL);
++ }
++ }
+ if (rlen < 16) /* < 4 32-bit ints? */
+ return FALSE;
+ xdrs->x_op = XDR_DECODE;
+Index: b/sunrpc/svc_unix.c
+===================================================================
+--- a/sunrpc/svc_unix.c
++++ b/sunrpc/svc_unix.c
+@@ -46,6 +46,7 @@
+ #include <errno.h>
+ #include <stdlib.h>
+ #include <libintl.h>
++#include <time.h>
+
+ #ifdef USE_IN_LIBIO
+ # include <wchar.h>
+@@ -245,6 +246,11 @@ again:
+ {
+ if (errno == EINTR)
+ goto again;
++ if (errno == EMFILE)
++ {
++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++ __nanosleep(&ts , NULL);
++ }
+ return FALSE;
+ }
+ /*
Modified: glibc-package/branches/glibc-branch-squeeze/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/patches/series 2012-06-02 20:12:37 UTC (rev 5265)
+++ glibc-package/branches/glibc-branch-squeeze/debian/patches/series 2012-06-02 20:23:32 UTC (rev 5266)
@@ -274,3 +274,4 @@
any/submitted-resolv-first-query-failure.diff
any/cvs-dlopen-tls.diff
any/cvs-FORTIFY_SOURCE-format-strings.diff
+any/local-sunrpc-dos.diff
Reply to: