r6293 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches/any
Author: aurel32
Date: 2014-10-16 13:06:39 +0000 (Thu, 16 Oct 2014)
New Revision: 6293
Modified:
glibc-package/branches/glibc-branch-wheezy/debian/changelog
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff
Log:
debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream
commit c8fc0c91 to fix segmentation faults when nscd is in use.
Closes: #765506, #765526, #765562.
Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2014-10-16 12:48:58 UTC (rev 6292)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2014-10-16 13:06:39 UTC (rev 6293)
@@ -2,6 +2,9 @@
* Update 2.13-38+deb7u5 changelog to mention that some lost glibc-doc
files have been re-added in this version.
+ * debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream
+ commit c8fc0c91 to fix segmentation faults when nscd is in use.
+ Closes: #765506, #765526, #765562.
-- Aurelien Jarno <aurel32@debian.org> Thu, 16 Oct 2014 14:46:42 +0200
Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff 2014-10-16 12:48:58 UTC (rev 6292)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff 2014-10-16 13:06:39 UTC (rev 6293)
@@ -1,3 +1,8 @@
+2011-05-31 Andreas Schwab <schwab@redhat.com>
+
+ * nscd/nscd_getserv_r.c (nscd_getserv_r): Don't free non-malloced
+ memory. Use alloca_account. Fix memory leak when retrying.
+
2011-05-22 Ulrich Drepper <drepper@gmail.com>
[BZ #12671]
@@ -134,7 +139,15 @@
const uint32_t *aliases_len = NULL;
const char *aliases_list = NULL;
int retval = -1;
-@@ -136,8 +148,22 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
+@@ -112,6 +124,7 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
+ s_name = (char *) (&found->data[0].servdata + 1);
+ serv_resp = found->data[0].servdata;
+ s_proto = s_name + serv_resp.s_name_len;
++ alloca_aliases_len = 1;
+ aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
+ aliases_list = ((char *) aliases_len
+ + serv_resp.s_aliases_cnt * sizeof (uint32_t));
+@@ -136,8 +149,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
!= 0)
{
@@ -146,7 +159,9 @@
+ + (serv_resp.s_aliases_cnt
+ * sizeof (uint32_t)));
+ if (alloca_aliases_len)
-+ tmp = __alloca (serv_resp.s_aliases_cnt * sizeof (uint32_t));
++ tmp = alloca_account (serv_resp.s_aliases_cnt
++ * sizeof (uint32_t),
++ alloca_used);
+ else
+ {
+ tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
@@ -159,7 +174,7 @@
aliases_len = memcpy (tmp, aliases_len,
serv_resp.s_aliases_cnt
* sizeof (uint32_t));
-@@ -217,8 +243,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
+@@ -217,8 +246,25 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
if (serv_resp.s_aliases_cnt > 0)
{
@@ -171,8 +186,9 @@
+ + (serv_resp.s_aliases_cnt
+ * sizeof (uint32_t)));
+ if (alloca_aliases_len)
-+ aliases_len = alloca (serv_resp.s_aliases_cnt
-+ * sizeof (uint32_t));
++ aliases_len = alloca_account (serv_resp.s_aliases_cnt
++ * sizeof (uint32_t),
++ alloca_used);
+ else
+ {
+ aliases_len = malloc (serv_resp.s_aliases_cnt
@@ -186,8 +202,16 @@
vec[n].iov_base = (void *) aliases_len;
vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t);
-@@ -329,5 +371,10 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
- goto retry;
+@@ -326,8 +372,17 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
+ }
+
+ if (retval != -1)
+- goto retry;
++ {
++ if (!alloca_aliases_len)
++ free (aliases_len);
++ goto retry;
++ }
}
+ if (!alloca_aliases_len)
Reply to: