r5348 - in glibc-package/branches/eglibc-2.16/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r5348 - in glibc-package/branches/eglibc-2.16/debian: . patches patches/any
From: Adam Conrad <adconrad@alioth.debian.org>
Date: Fri, 26 Oct 2012 03:31:15 +0000
Message-id: <[🔎] E1TRadf-0007eX-Qq@vasks.debian.org>

Author: adconrad
Date: 2012-10-26 03:31:14 +0000 (Fri, 26 Oct 2012)
New Revision: 5348

Added:
   glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff
Modified:
   glibc-package/branches/eglibc-2.16/debian/changelog
   glibc-package/branches/eglibc-2.16/debian/patches/series
Log:
debian/patches/any/local-CVE-2011-4609.diff: nanosleep when too many
open fds are detected to work around DoS in sunrpc (CVE-2011-4609)

Modified: glibc-package/branches/eglibc-2.16/debian/changelog
===================================================================
--- glibc-package/branches/eglibc-2.16/debian/changelog	2012-10-26 03:18:54 UTC (rev 5347)
+++ glibc-package/branches/eglibc-2.16/debian/changelog	2012-10-26 03:31:14 UTC (rev 5348)
@@ -364,6 +364,8 @@
   * Merge regression/progression test suite improvements from Ubuntu.
   * debian/patches/any/local-CVE-2012-3406.diff: switch to malloc when
     array grows too large to handle via alloca extension (CVE-2012-3406)
+  * debian/patches/any/local-CVE-2011-4609.diff: nanosleep when too many
+    open fds are detected to work around DoS in sunrpc (CVE-2011-4609)
 
  -- Aurelien Jarno <aurel32@debian.org>  Wed, 25 Jul 2012 23:45:58 +0200
 

Added: glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff
===================================================================
--- glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff	                        (rev 0)
+++ glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff	2012-10-26 03:31:14 UTC (rev 5348)
@@ -0,0 +1,92 @@
+Origin: Red Hat, glibc-2.12-1.47.el6_2.5.src.rpm:glibc-rh767692-2.patch
+Bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716
+Subject: DoS in RPC implementation
+
+CVE-2011-4069
+
+
+---
+ sunrpc/svc_tcp.c  |    6 ++++++
+ sunrpc/svc_udp.c  |   13 +++++++++++--
+ sunrpc/svc_unix.c |    6 ++++++
+ 3 files changed, 23 insertions(+), 2 deletions(-)
+
+Index: b/sunrpc/svc_tcp.c
+===================================================================
+--- a/sunrpc/svc_tcp.c
++++ b/sunrpc/svc_tcp.c
+@@ -44,6 +44,7 @@
+ #include <sys/poll.h>
+ #include <errno.h>
+ #include <stdlib.h>
++#include <time.h>
+ 
+ #include <wchar.h>
+ #include <libio/iolibio.h>
+@@ -247,6 +248,11 @@ again:
+     {
+       if (errno == EINTR)
+ 	goto again;
++      if (errno == EMFILE)
++        {
++          struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++          __nanosleep(&ts , NULL);
++        }
+       return FALSE;
+     }
+   /*
+Index: b/sunrpc/svc_udp.c
+===================================================================
+--- a/sunrpc/svc_udp.c
++++ b/sunrpc/svc_udp.c
+@@ -40,6 +40,7 @@
+ #include <sys/socket.h>
+ #include <errno.h>
+ #include <libintl.h>
++#include <time.h>
+ 
+ #ifdef IP_PKTINFO
+ #include <sys/uio.h>
+@@ -277,8 +278,16 @@ again:
+ 		       (int) su->su_iosz, 0,
+ 		       (struct sockaddr *) &(xprt->xp_raddr), &len);
+   xprt->xp_addrlen = len;
+-  if (rlen == -1 && errno == EINTR)
+-    goto again;
++  if (rlen == -1)
++    {
++      if (errno == EINTR)
++        goto again;
++      if (errno == EMFILE)
++        {
++          struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++          __nanosleep(&ts , NULL);
++        }
++    }
+   if (rlen < 16)		/* < 4 32-bit ints? */
+     return FALSE;
+   xdrs->x_op = XDR_DECODE;
+Index: b/sunrpc/svc_unix.c
+===================================================================
+--- a/sunrpc/svc_unix.c
++++ b/sunrpc/svc_unix.c
+@@ -47,6 +47,7 @@
+ #include <stdlib.h>
+ #include <libintl.h>
+ #include <wchar.h>
++#include <time.h>
+ 
+ /*
+  * Ops vector for AF_UNIX based rpc service handle
+@@ -244,6 +245,11 @@ again:
+     {
+       if (errno == EINTR)
+ 	goto again;
++      if (errno == EMFILE)
++        {
++          struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++          __nanosleep(&ts , NULL);
++        }
+       return FALSE;
+     }
+   /*

Modified: glibc-package/branches/eglibc-2.16/debian/patches/series
===================================================================
--- glibc-package/branches/eglibc-2.16/debian/patches/series	2012-10-26 03:18:54 UTC (rev 5347)
+++ glibc-package/branches/eglibc-2.16/debian/patches/series	2012-10-26 03:31:14 UTC (rev 5348)
@@ -228,3 +228,4 @@
 any/local-revert-fclose-posix2008.diff
 any/local-disable-libnss-db.diff
 any/local-CVE-2012-3406.diff
+any/local-CVE-2011-4609.diff

Reply to:

Prev by Date: r5346 - in glibc-package/branches/eglibc-2.16/debian: . rules.d testsuite-checking
Next by Date: Re: r5338 - in glibc-package/branches/eglibc-2.16/debian: . debhelper.in local rules.d
Previous by thread: r5346 - in glibc-package/branches/eglibc-2.16/debian: . rules.d testsuite-checking
Next by thread: Commit r5347
Index(es):
- Date
- Thread