r6364 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Author: aurel32
Date: 2015-02-11 22:27:50 +0000 (Wed, 11 Feb 2015)
New Revision: 6364
Added:
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff
Modified:
glibc-package/branches/glibc-branch-wheezy/debian/changelog
glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
fix a invalid-free when using getaddrinfo with IDN (CVE-2013-7424).
Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-02-11 22:18:35 UTC (rev 6363)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-02-11 22:27:50 UTC (rev 6364)
@@ -10,6 +10,8 @@
(CVE-2014-4043). Closes: #751774.
* debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
+ * debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
+ fix a invalid-free when using getaddrinfo with IDN (CVE-2013-7424).
-- Aurelien Jarno <aurel32@debian.org> Wed, 11 Feb 2015 21:54:57 +0100
Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getaddrinfo-idn.diff 2015-02-11 22:27:50 UTC (rev 6364)
@@ -0,0 +1,19 @@
+2011-07-26 Andreas Schwab <schwab@redhat.com>
+
+ * sysdeps/posix/getaddrinfo.c (gaih_inet): Don't discard result of
+ encoding to ACE if AI_IDN.
+
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -432,7 +432,10 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ /* In case the output string is the same as the input string
+ no new string has been allocated. */
+ if (p != name)
+- malloc_name = true;
++ {
++ name = p;
++ malloc_name = true;
++ }
+ }
+ #endif
+
Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-02-11 22:18:35 UTC (rev 6363)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-02-11 22:27:50 UTC (rev 6364)
@@ -402,3 +402,4 @@
any/cvs-vfprintf.diff
any/cvs-posix_spawn_file_actions_addopen.diff
any/cvs-getnetbyname.diff
+any/cvs-getaddrinfo-idn.diff
Reply to: