r6364 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r6364 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
From: Aurelien Jarno <aurel32@moszumanska.debian.org>
Date: Wed, 11 Feb 2015 22:27:50 +0000
Message-id: <[🔎] E1YLfl8-00029p-Hc@moszumanska.debian.org>

Author: aurel32
Date: 2015-02-11 22:27:50 +0000 (Wed, 11 Feb 2015)
New Revision: 6364

Added:
   glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
fix a invalid-free when using getaddrinfo with IDN (CVE-2013-7424).

Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-02-11 22:18:35 UTC (rev 6363)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-02-11 22:27:50 UTC (rev 6364)
@@ -10,6 +10,8 @@
     (CVE-2014-4043). Closes: #751774.
   * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
     an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
+  * debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
+    fix a invalid-free when using getaddrinfo with IDN (CVE-2013-7424).
 
  -- Aurelien Jarno <aurel32@debian.org>  Wed, 11 Feb 2015 21:54:57 +0100
 

Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff	2015-02-11 22:27:50 UTC (rev 6364)
@@ -0,0 +1,19 @@
+2011-07-26  Andreas Schwab  <schwab@redhat.com>
+
+	* sysdeps/posix/getaddrinfo.c (gaih_inet): Don't discard result of
+	encoding to ACE if AI_IDN.
+
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -432,7 +432,10 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ 	  /* In case the output string is the same as the input string
+ 	     no new string has been allocated.  */
+ 	  if (p != name)
+-	    malloc_name = true;
++	    {
++	      name = p;
++	      malloc_name = true;
++	    }
+ 	}
+ #endif
+ 

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-02-11 22:18:35 UTC (rev 6363)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-02-11 22:27:50 UTC (rev 6364)
@@ -402,3 +402,4 @@
 any/cvs-vfprintf.diff
 any/cvs-posix_spawn_file_actions_addopen.diff
 any/cvs-getnetbyname.diff
+any/cvs-getaddrinfo-idn.diff

Reply to:

Prev by Date: r6363 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Next by Date: r6365 - glibc-package/trunk/debian/patches/hurd-i386
Previous by thread: r6363 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Next by thread: r6365 - glibc-package/trunk/debian/patches/hurd-i386
Index(es):
- Date
- Thread