
r5858 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any



Author: aurel32
Date: 2013-12-03 16:16:50 +0000 (Tue, 03 Dec 2013)
New Revision: 5858

Added:
   glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-CVE-2013-4458.diff: backport stack (frame) overflow fixes
in getaddrinfo() when called with AF_INET6, addressing CVE-2013-4458
(Closes: #727181).



Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog	2013-12-03 15:25:36 UTC (rev 5857)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog	2013-12-03 16:16:50 UTC (rev 5858)
@@ -12,6 +12,9 @@
   * patches/any/cvs-CVE-2013-4237.diff: backport buffer overwrite fix in
     readdir_r for file systems returning file names longer than NAME_MAX
     characters, addressing CVE-2013-4237 (Closes: #719558).
+  * patches/any/cvs-CVE-2013-4458.diff: backport stack (frame) overflow fixes
+    in getaddrinfo() when called with AF_INET6, addressing CVE-2013-4458
+    (Closes: #727181).
   * patches/any/cvs-findlocale-div-by-zero.diff: patch from upstream to fix
     a SIGFPE when locale-archive has been corrupted to all zeros (Closes:
     #718890, #730336). patches/kfreebsd/local-readdir_r.diff: remove
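Review bot: The new changelog entry says "fixes" (plural), but the patch added in this revision carries a single upstream ChangeLog item, the gethosts tmpbuf change filed under [BZ #16072]. Consider naming that upstream bug in the entry so the backport can be traced, and either make the wording singular or list which other changes are included.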

Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff	2013-12-03 16:16:50 UTC (rev 5858)
@@ -0,0 +1,44 @@
+2013-10-25  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16072]
+	* sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on
+	heap for large requests.
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index e6ce4cf..8ff74b4 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ 				&rc, &herrno, NULL, &localcanon));	      \
+     if (rc != ERANGE || herrno != NETDB_INTERNAL)			      \
+       break;								      \
+-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);		      \
++    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    \
++      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,	      \
++				      alloca_used);			      \
++    else								      \
++      {									      \
++	char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,		      \
++			      2 * tmpbuflen);				      \
++	if (newp == NULL)						      \
++	  {								      \
++	    result = -EAI_MEMORY;					      \
++	    goto free_and_return;					      \
++	  }								      \
++	tmpbuf = newp;							      \
++	malloc_tmpbuf = true;						      \
++	tmpbuflen = 2 * tmpbuflen;					      \
++      }									      \
+   }									      \
+   if (status == NSS_STATUS_SUCCESS && rc == 0)				      \
+     h = &th;								      \
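Review bot: In the new else branch, the first switch from stack to heap calls realloc (NULL, 2 * tmpbuflen), so whatever was in the old alloca buffer is not carried over. That is only correct if the retried lookup rewrites tmpbuf from scratch on every ERANGE pass, which the loop shape suggests; a one-line comment saying so would help. The else branch also sets tmpbuflen itself while the alloca branch leaves that to extend_alloca_account, so it is worth confirming that the macro in this tree updates the length. Finally, the doubling has no cap in the visible lines: growth stops only when realloc fails and the code returns -EAI_MEMORY.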
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ 	{								      \
+ 	  __set_h_errno (herrno);					      \
+ 	  _res.options |= old_res_options & RES_USE_INET6;		      \
+-	  return -EAI_SYSTEM;						      \
++	  result = -EAI_SYSTEM;						      \
++	  goto free_and_return;						      \
+ 	}								      \
+       if (herrno == TRY_AGAIN)						      \
+ 	no_data = EAI_AGAIN;						      \
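Review bot: Replacing return -EAI_SYSTEM with result = -EAI_SYSTEM; goto free_and_return; is only safe if the code at free_and_return frees tmpbuf solely when malloc_tmpbuf is true, since tmpbuf may still point at alloca memory on this path. That label is not shown in the patch, so please confirm it against the wheezy source. This is also the only early exit converted here, so any other return reachable after the buffer has moved to the heap would leak it and should be checked as well.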

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2013-12-03 15:25:36 UTC (rev 5857)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2013-12-03 16:16:50 UTC (rev 5858)
@@ -379,4 +379,5 @@
 any/cvs-CVE-2013-0242.diff
 any/cvs-CVE-2013-1914.diff
 any/cvs-CVE-2013-4237.diff
+any/cvs-CVE-2013-4458.diff
 any/cvs-findlocale-div-by-zero.diff
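Review bot: The new series entry is placed after any/cvs-CVE-2013-1914.diff, and that ordering matters if an earlier patch is what provides the identifiers the new macro body uses. The added patch references malloc_tmpbuf, alloca_used, result and the free_and_return label without defining any of them, so it relies on them already existing in getaddrinfo.c at this point in the series. Please confirm the series applies cleanly from a pristine tree in this order.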

