
r6659 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any



Author: aurel32
Date: 2015-10-19 10:49:58 +0000 (Mon, 19 Oct 2015)
New Revision: 6659

Added:
   glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.

Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-10-19 10:29:42 UTC (rev 6658)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-10-19 10:49:58 UTC (rev 6659)
@@ -1,3 +1,10 @@
+eglibc (2.13-38+deb7u9) UNRELEASED; urgency=medium
+
+  * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
+    a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Mon, 19 Oct 2015 12:40:42 +0200
+
 eglibc (2.13-38+deb7u8) wheezy-security; urgency=medium
 
   * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
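Review bot: The distribution field of the new 2.13-38+deb7u9 entry is UNRELEASED, while the entry below it targets wheezy-security; it needs to be set to the intended suite before upload. The entry could also mention the upstream bug reference (BZ #18287, given in the patch header) next to the CVE id so the fix can be traced from the changelog alone.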

Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff	2015-10-19 10:49:58 UTC (rev 6659)
@@ -0,0 +1,18 @@
+2015-04-21  Arjun Shankar  <arjun.is@lostca.se>
+
+	[BZ #18287]
+	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
+	based on padding.  (CVE-2015-1781)
+
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+     {
+       /* The buffer is too small.  */
+     too_small:
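Review bot: The added line "buflen = buflen > pad ? buflen - pad : 0;" changes what buflen means for the rest of getanswer_r (bytes left after the alignment padding rather than the caller's full length), and nothing in the hunk documents that; a short comment above it would help anyone backporting later changes to this function. Also, "buffer += pad" still runs before the size check, so when buflen is smaller than pad the pointer has already been advanced past the caller's buffer when too_small is reached; it is worth confirming that path never uses buffer, which these lines do not show. The patch header carries only the ChangeLog entry, so adding the upstream commit id would make the origin easier to verify.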

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-10-19 10:29:42 UTC (rev 6658)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-10-19 10:49:58 UTC (rev 6659)
@@ -403,3 +403,4 @@
 any/cvs-posix_spawn_file_actions_addopen.diff
 any/cvs-getnetbyname.diff
 any/cvs-getaddrinfo-idn.diff
+any/cvs-CVE-2015-1781.diff

