Author: aurel32
Date: 2013-12-03 16:16:50 +0000 (Tue, 03 Dec 2013)
New Revision: 5858

Added:
   
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-CVE-2013-4458.diff: backport stack (frame) overflow fixes
in getaddrinfo() when called with AF_INET6, addressing CVE-2013-4458
(Closes: #727181).



Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2013-12-03 
15:25:36 UTC (rev 5857)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2013-12-03 
16:16:50 UTC (rev 5858)
@@ -12,6 +12,9 @@
   * patches/any/cvs-CVE-2013-4237.diff: backport buffer overwrite fix in
     readdir_r for file systems returning file names longer than NAME_MAX
     characters, addressing CVE-2013-4237 (Closes: #719558).
+  * patches/any/cvs-CVE-2013-4458.diff: backport stack (frame) overflow fixes
+    in getaddrinfo() when called with AF_INET6, addressing CVE-2013-4458
+    (Closes: #727181).
   * patches/any/cvs-findlocale-div-by-zero.diff: patch from upstream to fix
     a SIGFPE when locale-archive has been corrupted to all zeros (Closes:
     #718890, #730336). patches/kfreebsd/local-readdir_r.diff: remove

Added: 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff
===================================================================
--- 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff
                                (rev 0)
+++ 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4458.diff
        2013-12-03 16:16:50 UTC (rev 5858)
@@ -0,0 +1,44 @@
+2013-10-25  Siddhesh Poyarekar  <[email protected]>
+
+       [BZ #16072]
+       * sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on
+       heap for large requests.
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index e6ce4cf..8ff74b4 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct 
gaih_typeproto *tp,
+                               &rc, &herrno, NULL, &localcanon));            \
+     if (rc != ERANGE || herrno != NETDB_INTERNAL)                           \
+       break;                                                                \
+-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);                
      \
++    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    
\
++      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,       
      \
++                                    alloca_used);                           \
++    else                                                                    \
++      {                                                                       
      \
++      char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,                  \
++                            2 * tmpbuflen);                                 \
++      if (newp == NULL)                                                     \
++        {                                                                   \
++          result = -EAI_MEMORY;                                             \
++          goto free_and_return;                                             \
++        }                                                                   \
++      tmpbuf = newp;                                                        \
++      malloc_tmpbuf = true;                                                 \
++      tmpbuflen = 2 * tmpbuflen;                                            \
++      }                                                                       
      \
+   }                                                                         \
+   if (status == NSS_STATUS_SUCCESS && rc == 0)                                
      \
+     h = &th;                                                                \
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct 
gaih_typeproto *tp,
+       {                                                                     \
+         __set_h_errno (herrno);                                             \
+         _res.options |= old_res_options & RES_USE_INET6;                    \
+-        return -EAI_SYSTEM;                                                 \
++        result = -EAI_SYSTEM;                                               \
++        goto free_and_return;                                               \
+       }                                                                     \
+       if (herrno == TRY_AGAIN)                                                
      \
+       no_data = EAI_AGAIN;                                                  \
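Review bot: Once the `else` branch sets `malloc_tmpbuf = true`, tmpbuf is heap memory and every exit from the enclosing function has to go through `free_and_return`. The second hunk converts the one `return -EAI_SYSTEM` inside the macro, but the macro and the function that expands it continue outside the hunk, so any remaining direct `return` after a gethosts expansion should be audited for a leak. The ternary `malloc_tmpbuf ? tmpbuf : NULL` is the only thing that keeps an alloca'd pointer from reaching realloc(), and it deserves a comment such as `/* tmpbuf is still on the stack here: start a fresh heap buffer, never realloc() it */`. The macro also depends on `result`, `alloca_used`, `malloc_tmpbuf` and the `free_and_return` label from the caller's scope, none of which are declared in the hunk. They presumably come from an earlier patch in the series, which is worth confirming before relying on the backport.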

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series    
2013-12-03 15:25:36 UTC (rev 5857)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series    
2013-12-03 16:16:50 UTC (rev 5858)
@@ -379,4 +379,5 @@
 any/cvs-CVE-2013-0242.diff
 any/cvs-CVE-2013-1914.diff
 any/cvs-CVE-2013-4237.diff
+any/cvs-CVE-2013-4458.diff
 any/cvs-findlocale-div-by-zero.diff

