From ad163810f2bc01da6abb4a9becb404fccf738116 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar
Date: Fri, 27 Feb 2015 16:34:43 +0530
Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, #1175370)
---
 glibc-rh1175370.patch | 21 +++++++++++++++++++++
 glibc.spec | 3 +++
 2 files changed, 24 insertions(+)
 create mode 100644 glibc-rh1175370.patch
diff --git a/glibc-rh1175370.patch b/glibc-rh1175370.patch
new file mode 100644
index 0000000..8e0ca4f
--- /dev/null
+++ b/glibc-rh1175370.patch
@@ -0,0 +1,21 @@
+commit 11e3417af6e354f1942c68a271ae51e892b2814d
+Author: Florian Weimer
+Date: Mon Dec 15 17:41:13 2014 +0100
+
+ Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
+
+diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
+index 0a77c8b..08cf0a6 100644
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
+
+ case BYNAME:
+ {
+- char **ap = result->n_aliases++;
+- while (*ap != NULL)
++ char **ap;
++ for (ap = result->n_aliases; *ap != NULL; ++ap)
+ {
+ /* Check each alias name for being of the forms:
+ 4.3.2.1.in-addr.arpa = net 1.2.3.4
diff --git a/glibc.spec b/glibc.spec
index 9a32b31..c1a6137 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -208,6 +208,7 @@ Patch0051: %{name}-disable-rwlock-elision.patch
 ##############################################################################
 Patch1001: %{name}-rh1133508.patch
 Patch1002: %{name}-rh1167569.patch
+Patch1003: %{name}-rh1175370.patch
 ##############################################################################
 #
@@ -577,6 +578,7 @@ package or when debugging this package.
 %patch1001 -p1
 %patch0051 -p1
 %patch1002 -p1
+%patch1003 -p1
 ##############################################################################
 # %%prep - Additional prep required...
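Review bot: In glibc-rh1175370.patch, the rewritten BYNAME loop in getanswer_r drops the post-increment of `result->n_aliases` as well as adding the missing `++ap`, and neither the embedded commit message nor the packaging changelog records that second behaviour change. The removed line `char **ap = result->n_aliases++;` moved the alias pointer stored in the caller's netent forward by one entry, while the new `for (ap = result->n_aliases; *ap != NULL; ++ap)` leaves it untouched, so the alias list handed back now presumably starts one entry earlier than before. I would add a header line to the patch file such as `Note: also stops advancing result->n_aliases past its first entry; CVE-2014-9402, rhbz#1175370, upstream BZ #17630.` so the CVE mapping and the side effect are traceable from the patch itself. The loop body and the code that NULL-terminates the alias array lie outside the hunk, so termination on every path and the effect on callers cannot be confirmed from here.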
@@ -1714,6 +1716,7 @@ rm -f *.filelist*
 %changelog
 * Fri Feb 27 2015 Siddhesh Poyarekar - 2.20-8
 - wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, #1167569).
+- Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, #1175370).
 * Tue Jan 06 2015 Siddhesh Poyarekar - 2.20-7
 - Remove LIB_LANG since we don't install locales in /usr/lib/locale anymore.