rpms/glibc
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix stack overflow in getaddrinfo with many results (#947892, CVE-2013-1914)

Browse Source
This commit is contained in:
Siddhesh Poyarekar 2013-08-19 18:25:29 +05:30
parent c7516dcc05
commit f626cf6388
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
glibc-rh947892.patch Normal file
View File

@ -0,0 +1,50 @@
commit 1cef1b19089528db11f221e938f60b9b048945d7
Author: Andreas Schwab <schwab@suse.de>
Date: Thu Mar 21 15:50:27 2013 +0100
Fix stack overflow in getaddrinfo with many results
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index d95c2d1..2309281 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service,
__typeof (once) old_once = once;
__libc_once (once, gaiconf_init);
/* Sort results according to RFC 3484. */
- struct sort_result results[nresults];
- size_t order[nresults];
+ struct sort_result *results;
+ size_t *order;
struct addrinfo *q;
struct addrinfo *last = NULL;
char *canonname = NULL;
+ bool malloc_results;
+
+ malloc_results
+ = !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+ if (malloc_results)
+ {
+ results = malloc (nresults * (sizeof (*results) + sizeof (size_t)));
+ if (results == NULL)
+ {
+ __free_in6ai (in6ai);
+ return EAI_MEMORY;
+ }
+ }
+ else
+ results = alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+ order = (size_t *) (results + nresults);
/* Now we definitely need the interface information. */
if (! check_pf_called)
@@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service,
/* Fill in the canonical name into the new first entry. */
p->ai_canonname = canonname;
+
+ if (malloc_results)
+ free (results);
}
__free_in6ai (in6ai);

7
glibc.spec
View File

@ -27,7 +27,7 @@
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: glibc Name: glibc
Version: %{glibcversion} Version: %{glibcversion}
Release: 12%{?dist} Release: 13%{?dist}
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries. # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs # Things that are linked directly into dynamically linked programs
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@ -123,6 +123,7 @@ Patch1006: %{name}-rh977887.patch
Patch1007: %{name}-rh977887-2.patch Patch1007: %{name}-rh977887-2.patch
Patch1008: %{name}-rh984829.patch Patch1008: %{name}-rh984829.patch
Patch1009: %{name}-rh995841.patch Patch1009: %{name}-rh995841.patch
Patch1010: %{name}-rh947892.patch
# #
# Patches submitted, but not yet approved upstream. # Patches submitted, but not yet approved upstream.
@ -433,6 +434,7 @@ package or when debugging this package.
%patch1008 -p1 %patch1008 -p1
%patch2040 -p1 %patch2040 -p1
%patch1009 -p1 %patch1009 -p1
%patch1010 -p1
# On powerpc32, hp timing is only available in power4/power6 # On powerpc32, hp timing is only available in power4/power6
# libs, not in base, so pre-power4 dynamic linker is incompatible # libs, not in base, so pre-power4 dynamic linker is incompatible
@ -1223,6 +1225,9 @@ rm -f *.filelist*
%endif %endif
%changelog %changelog
* Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-13
- Fix stack overflow in getaddrinfo with many results (#947892, CVE-2013-1914).
* Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-12 * Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-12
- Disable pt_chown (#984829, CVE-2013-2207). - Disable pt_chown (#984829, CVE-2013-2207).
- Fix strcoll flaws (#855399, CVE-2012-4412, CVE-2012-4424). - Fix strcoll flaws (#855399, CVE-2012-4412, CVE-2012-4424).