gethostid: Missing NULL check for gethostbyname_r result (#1631338)

2018-09-26 21:58:24 +02:00 · 2018-09-26 21:58:24 +02:00 · dc43d3ff16
commit dc43d3ff16
parent 65fcf01bb3
3 changed files with 181 additions and 1 deletions
--- a/glibc-rh1631338-1.patch
+++ b/glibc-rh1631338-1.patch
@ -0,0 +1,29 @@
+commit e7d22db29cfdd2f1fb97a70a76fa53d151569945
+Author: Mingli Yu <Mingli.Yu@windriver.com>
+Date:   Thu Sep 20 12:41:13 2018 +0200
+
+    Linux gethostid: Check for NULL value from gethostbyname_r [BZ #23679]
+    
+    A NULL value can happen with certain gethostbyname_r failures.
+    
+    (cherry picked from commit 1214ba06e6771acb953a190091b0f6055c64fd25)
+
+diff --git a/sysdeps/unix/sysv/linux/gethostid.c b/sysdeps/unix/sysv/linux/gethostid.c
+index 2e20f034dc134cc7..ee0190e7f945db1f 100644
+--- a/sysdeps/unix/sysv/linux/gethostid.c
+++ b/sysdeps/unix/sysv/linux/gethostid.c
+@@ -102,12 +102,12 @@ gethostid (void)
+     {
+       int ret = __gethostbyname_r (hostname, &hostbuf,
+ 				   tmpbuf.data, tmpbuf.length, &hp, &herr);
+-      if (ret == 0)
+      if (ret == 0 && hp != NULL)
+ 	break;
+       else
+ 	{
+ 	  /* Enlarge the buffer on ERANGE.  */
+-	  if (herr == NETDB_INTERNAL && errno == ERANGE)
+	  if (ret != 0 && herr == NETDB_INTERNAL && errno == ERANGE)
+ 	    {
+ 	      if (!scratch_buffer_grow (&tmpbuf))
+ 		return 0;
--- a/glibc-rh1631338-2.patch
+++ b/glibc-rh1631338-2.patch
@ -0,0 +1,146 @@
+commit 307d04334d516bb180f484a2b283f97310bfee66
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Sep 20 12:03:01 2018 +0200
+
+    misc: New test misc/tst-gethostid
+    
+    The empty /etc/hosts file used to trigger bug 23679.
+    
+    (cherry picked from commit db9a8ad4ff3fc58e3773a9a4d0cabe3c1bc9c94c)
+
+diff --git a/misc/Makefile b/misc/Makefile
+index b7be2bc19a6f7ed5..c9f81515ac9aef2c 100644
+--- a/misc/Makefile
+++ b/misc/Makefile
+@@ -86,6 +86,11 @@ tests := tst-dirname tst-tsearch tst-fdset tst-efgcvt tst-mntent tst-hsearch \
+ 	 tst-preadvwritev tst-preadvwritev64 tst-makedev tst-empty \
+ 	 tst-preadvwritev2 tst-preadvwritev64v2
+ 
+# Tests which need libdl.
+ifeq (yes,$(build-shared))
+tests += tst-gethostid
+endif
+
+ tests-internal := tst-atomic tst-atomic-long tst-allocate_once
+ tests-static := tst-empty
+ 
+@@ -145,3 +150,5 @@ tst-allocate_once-ENV = MALLOC_TRACE=$(objpfx)tst-allocate_once.mtrace
+ $(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out
+ 	$(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \
+ 	$(evaluate-test)
+
+$(objpfx)tst-gethostid: $(libdl)
+diff --git a/misc/tst-gethostid.c b/misc/tst-gethostid.c
+new file mode 100644
+index 0000000000000000..1490aaf3f517ff1d
+--- /dev/null
+++ b/misc/tst-gethostid.c
+@@ -0,0 +1,108 @@
+/* Basic test for gethostid.
+   Copyright (C) 2018 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <gnu/lib-names.h>
+#include <nss.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <support/namespace.h>
+#include <support/support.h>
+#include <support/temp_file.h>
+#include <support/xdlfcn.h>
+#include <support/xstdio.h>
+#include <support/xunistd.h>
+#include <unistd.h>
+
+/* Initial test is run outside a chroot, to increase the likelihood of
+   success.  */
+static void
+outside_chroot (void *closure)
+{
+  long id = gethostid ();
+  printf ("info: host ID outside chroot: 0x%lx\n", id);
+}
+
+/* The same, but this time perform a chroot operation.  */
+static void
+in_chroot (void *closure)
+{
+  const char *chroot_path = closure;
+  xchroot (chroot_path);
+  long id = gethostid ();
+  printf ("info: host ID in chroot: 0x%lx\n", id);
+}
+
+static int
+do_test (void)
+{
+  support_isolate_in_subprocess (outside_chroot, NULL);
+
+  /* Now run the test inside a chroot.  */
+  support_become_root ();
+  if (!support_can_chroot ())
+    /* Cannot perform further tests.  */
+    return 0;
+
+  /* Only use nss_files.  */
+  __nss_configure_lookup ("hosts", "files");
+
+  /* Load the DSO outside of the chroot.  */
+  xdlopen (LIBNSS_FILES_SO, RTLD_LAZY);
+
+  char *chroot_dir = support_create_temp_directory ("tst-gethostid-");
+  support_isolate_in_subprocess (in_chroot, chroot_dir);
+
+  /* Tests with /etc/hosts in the chroot.  */
+  {
+    char *path = xasprintf ("%s/etc", chroot_dir);
+    add_temp_file (path);
+    xmkdir (path, 0777);
+    free (path);
+    path = xasprintf ("%s/etc/hosts", chroot_dir);
+    add_temp_file (path);
+
+    FILE *fp = xfopen (path, "w");
+    xfclose (fp);
+    printf ("info: chroot test with an empty /etc/hosts file\n");
+    support_isolate_in_subprocess (in_chroot, chroot_dir);
+
+    char hostname[1024];
+    int ret = gethostname (hostname, sizeof (hostname));
+    if (ret < 0)
+      printf ("warning: invalid result from gethostname: %d\n", ret);
+    else if (strlen (hostname) == 0)
+      puts ("warning: gethostname returned empty string");
+    else
+      {
+        printf ("info: chroot test with IPv6 address in /etc/hosts for: %s\n",
+                hostname);
+        fp = xfopen (path, "w");
+        /* Use an IPv6 address to induce another lookup failure.  */
+        fprintf (fp, "2001:db8::1 %s\n", hostname);
+        xfclose (fp);
+        support_isolate_in_subprocess (in_chroot, chroot_dir);
+      }
+    free (path);
+  }
+  free (chroot_dir);
+
+  return 0;
+}
+
+#include <support/test-driver.c>
--- a/glibc.spec
+++ b/glibc.spec
@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 11%{?dist}
+%define glibcrelease 12%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@ -167,6 +167,8 @@ Patch31: glibc-nss_files-leak.patch
 Patch32: glibc-rh1622669.patch
 Patch33: glibc-1622674-1.patch
 Patch34: glibc-1622674-2.patch
+Patch35: glibc-rh1631338-1.patch
+Patch36: glibc-rh1631338-2.patch

 ##############################################################################
 # Continued list of core "glibc" package information:
@ -1908,6 +1910,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared

 %changelog
+* Wed Sep 26 2018 Florian Weimer <fweimer@redhat.com> - 2.28-12
+- gethostid: Missing NULL check for gethostbyname_r result (#1631338)
+
 * Wed Sep  5 2018 Florian Weimer <fweimer@redhat.com> - 2.28-11
 - Add python3-devel build dependency for downstream benefit