Author: adconrad Date: 2012-10-26 03:31:14 +0000 (Fri, 26 Oct 2012) New Revision: 5348
Added: glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff Modified: glibc-package/branches/eglibc-2.16/debian/changelog glibc-package/branches/eglibc-2.16/debian/patches/series Log: debian/patches/any/local-CVE-2011-4609.diff: nanosleep when too many open fds are detected to work around DoS in sunrpc (CVE-2011-4609) Modified: glibc-package/branches/eglibc-2.16/debian/changelog =================================================================== --- glibc-package/branches/eglibc-2.16/debian/changelog 2012-10-26 03:18:54 UTC (rev 5347) +++ glibc-package/branches/eglibc-2.16/debian/changelog 2012-10-26 03:31:14 UTC (rev 5348) @@ -364,6 +364,8 @@ * Merge regression/progression test suite improvements from Ubuntu. * debian/patches/any/local-CVE-2012-3406.diff: switch to malloc when array grows too large to handle via alloca extension (CVE-2012-3406) + * debian/patches/any/local-CVE-2011-4609.diff: nanosleep when too many + open fds are detected to work around DoS in sunrpc (CVE-2011-4609) -- Aurelien Jarno <aure...@debian.org> Wed, 25 Jul 2012 23:45:58 +0200 Added: glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff =================================================================== --- glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff (rev 0) +++ glibc-package/branches/eglibc-2.16/debian/patches/any/local-CVE-2011-4609.diff 2012-10-26 03:31:14 UTC (rev 5348) @@ -0,0 +1,92 @@ +Origin: Red Hat, glibc-2.12-1.47.el6_2.5.src.rpm:glibc-rh767692-2.patch +Bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716 +Subject: DoS in RPC implementation + +CVE-2011-4069 + + +--- + sunrpc/svc_tcp.c | 6 ++++++ + sunrpc/svc_udp.c | 13 +++++++++++-- + sunrpc/svc_unix.c | 6 ++++++ + 3 files changed, 23 insertions(+), 2 deletions(-) + +Index: b/sunrpc/svc_tcp.c +=================================================================== +--- a/sunrpc/svc_tcp.c ++++ b/sunrpc/svc_tcp.c +@@ -44,6 +44,7 @@ + #include <sys/poll.h> + #include <errno.h> + #include <stdlib.h> ++#include <time.h> + + #include <wchar.h> + #include <libio/iolibio.h> +@@ -247,6 +248,11 @@ again: + { + if (errno == EINTR) + goto again; ++ if (errno == EMFILE) ++ { ++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; ++ __nanosleep(&ts , NULL); ++ } + return FALSE; + } + /* +Index: b/sunrpc/svc_udp.c +=================================================================== +--- a/sunrpc/svc_udp.c ++++ b/sunrpc/svc_udp.c +@@ -40,6 +40,7 @@ + #include <sys/socket.h> + #include <errno.h> + #include <libintl.h> ++#include <time.h> + + #ifdef IP_PKTINFO + #include <sys/uio.h> +@@ -277,8 +278,16 @@ again: + (int) su->su_iosz, 0, + (struct sockaddr *) &(xprt->xp_raddr), &len); + xprt->xp_addrlen = len; +- if (rlen == -1 && errno == EINTR) +- goto again; ++ if (rlen == -1) ++ { ++ if (errno == EINTR) ++ goto again; ++ if (errno == EMFILE) ++ { ++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; ++ __nanosleep(&ts , NULL); ++ } ++ } + if (rlen < 16) /* < 4 32-bit ints? */ + return FALSE; + xdrs->x_op = XDR_DECODE; +Index: b/sunrpc/svc_unix.c +=================================================================== +--- a/sunrpc/svc_unix.c ++++ b/sunrpc/svc_unix.c +@@ -47,6 +47,7 @@ + #include <stdlib.h> + #include <libintl.h> + #include <wchar.h> ++#include <time.h> + + /* + * Ops vector for AF_UNIX based rpc service handle +@@ -244,6 +245,11 @@ again: + { + if (errno == EINTR) + goto again; ++ if (errno == EMFILE) ++ { ++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; ++ __nanosleep(&ts , NULL); ++ } + return FALSE; + } + /* Modified: glibc-package/branches/eglibc-2.16/debian/patches/series =================================================================== --- glibc-package/branches/eglibc-2.16/debian/patches/series 2012-10-26 03:18:54 UTC (rev 5347) +++ glibc-package/branches/eglibc-2.16/debian/patches/series 2012-10-26 03:31:14 UTC (rev 5348) @@ -228,3 +228,4 @@ any/local-revert-fclose-posix2008.diff any/local-disable-libnss-db.diff any/local-CVE-2012-3406.diff +any/local-CVE-2011-4609.diff -- To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1tradf-0007ex...@vasks.debian.org