Revision: 7834
http://sourceforge.net/p/ipcop/svn/7834
Author: owes
Date: 2015-01-29 13:33:57 +0000 (Thu, 29 Jan 2015)
Log Message:
-----------
Debian/Suse borrowed patch for CVE-2015-0235
Modified Paths:
--------------
ipcop/trunk/lfs/glibc
Added Paths:
-----------
ipcop/trunk/src/patches/glibc-2.11_cvs-gethostbyname.patch
Modified: ipcop/trunk/lfs/glibc
===================================================================
--- ipcop/trunk/lfs/glibc 2015-01-29 12:59:40 UTC (rev 7833)
+++ ipcop/trunk/lfs/glibc 2015-01-29 13:33:57 UTC (rev 7834)
@@ -128,6 +128,7 @@
cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/glibc-2.11_remove-ctors-dtors-outputs.patch
cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/glibc-2.11_elf-noload-against-ldl.patch
cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/glibc-2.11_link-as-needed-against-ld.so.patch
+ cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/glibc-2.11_cvs-gethostbyname.patch
@mkdir $(DIR_SRC)/glibc-build
Added: ipcop/trunk/src/patches/glibc-2.11_cvs-gethostbyname.patch
===================================================================
--- ipcop/trunk/src/patches/glibc-2.11_cvs-gethostbyname.patch
(rev 0)
+++ ipcop/trunk/src/patches/glibc-2.11_cvs-gethostbyname.patch 2015-01-29
13:33:57 UTC (rev 7834)
@@ -0,0 +1,211 @@
+2013-05-21 Andreas Schwab <sch...@suse.de>
+
+ [BZ #15014]
+ * nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME))
+ [HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was
+ successful.
+ * nss/digits_dots.c (__nss_hostname_digits_dots): Remove
+ redundant variable declarations and reallocation of buffer when
+ parsing as IPv6 address. Always set NSS status when called from
+ reentrant functions. Use NETDB_INTERNAL instead of TRY_AGAIN when
+ buffer too small. Correct computation of needed size.
+ * nss/Makefile (tests): Add test-digits-dots.
+ * nss/test-digits-dots.c: New test.
+
+--- a/nss/digits_dots.c
++++ b/nss/digits_dots.c
+@@ -47,7 +47,10 @@
+ {
+ if (h_errnop)
+ *h_errnop = NETDB_INTERNAL;
+- *result = NULL;
++ if (buffer_size == NULL)
++ *status = NSS_STATUS_TRYAGAIN;
++ else
++ *result = NULL;
+ return -1;
+ }
+
+@@ -84,14 +87,16 @@
+ }
+
+ size_needed = (sizeof (*host_addr)
+- + sizeof (*h_addr_ptrs) + strlen (name) + 1);
++ + sizeof (*h_addr_ptrs)
++ + sizeof (*h_alias_ptr) + strlen (name) + 1);
+
+ if (buffer_size == NULL)
+ {
+ if (buflen < size_needed)
+ {
++ *status = NSS_STATUS_TRYAGAIN;
+ if (h_errnop != NULL)
+- *h_errnop = TRY_AGAIN;
++ *h_errnop = NETDB_INTERNAL;
+ __set_errno (ERANGE);
+ goto done;
+ }
+@@ -110,7 +115,7 @@
+ *buffer_size = 0;
+ __set_errno (save);
+ if (h_errnop != NULL)
+- *h_errnop = TRY_AGAIN;
++ *h_errnop = NETDB_INTERNAL;
+ *result = NULL;
+ goto done;
+ }
+@@ -150,7 +155,9 @@
+ if (! ok)
+ {
+ *h_errnop = HOST_NOT_FOUND;
+- if (buffer_size)
++ if (buffer_size == NULL)
++ *status = NSS_STATUS_NOTFOUND;
++ else
+ *result = NULL;
+ goto done;
+ }
+@@ -191,7 +198,7 @@
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_SUCCESS;
+ else
+- *result = resbuf;
++ *result = resbuf;
+ goto done;
+ }
+
+@@ -202,15 +209,6 @@
+
+ if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] ==
':')
+ {
+- const char *cp;
+- char *hostname;
+- typedef unsigned char host_addr_t[16];
+- host_addr_t *host_addr;
+- typedef char *host_addr_list_t[2];
+- host_addr_list_t *h_addr_ptrs;
+- size_t size_needed;
+- int addr_size;
+-
+ switch (af)
+ {
+ default:
+@@ -226,7 +224,10 @@
+ /* This is not possible. We cannot represent an IPv6 address
+ in an `struct in_addr' variable. */
+ *h_errnop = HOST_NOT_FOUND;
+- *result = NULL;
++ if (buffer_size == NULL)
++ *status = NSS_STATUS_NOTFOUND;
++ else
++ *result = NULL;
+ goto done;
+
+ case AF_INET6:
+@@ -234,42 +235,6 @@
+ break;
+ }
+
+- size_needed = (sizeof (*host_addr)
+- + sizeof (*h_addr_ptrs) + strlen (name) + 1);
+-
+- if (buffer_size == NULL && buflen < size_needed)
+- {
+- if (h_errnop != NULL)
+- *h_errnop = TRY_AGAIN;
+- __set_errno (ERANGE);
+- goto done;
+- }
+- else if (buffer_size != NULL && *buffer_size < size_needed)
+- {
+- char *new_buf;
+- *buffer_size = size_needed;
+- new_buf = realloc (*buffer, *buffer_size);
+-
+- if (new_buf == NULL)
+- {
+- save = errno;
+- free (*buffer);
+- __set_errno (save);
+- *buffer = NULL;
+- *buffer_size = 0;
+- *result = NULL;
+- goto done;
+- }
+- *buffer = new_buf;
+- }
+-
+- memset (*buffer, '\0', size_needed);
+-
+- host_addr = (host_addr_t *) *buffer;
+- h_addr_ptrs = (host_addr_list_t *)
+- ((char *) host_addr + sizeof (*host_addr));
+- hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
+-
+ for (cp = name;; ++cp)
+ {
+ if (!*cp)
+@@ -282,7 +247,9 @@
+ if (inet_pton (AF_INET6, name, host_addr) <= 0)
+ {
+ *h_errnop = HOST_NOT_FOUND;
+- if (buffer_size)
++ if (buffer_size == NULL)
++ *status = NSS_STATUS_NOTFOUND;
++ else
+ *result = NULL;
+ goto done;
+ }
+--- a/nss/getXXbyYY_r.c
++++ b/nss/getXXbyYY_r.c
+@@ -178,6 +178,9 @@
+ case -1:
+ return errno;
+ case 1:
++#ifdef NEED_H_ERRNO
++ any_service = true;
++#endif
+ goto done;
+ }
+ #endif
+--- /dev/null
++++ b/nss/test-digits-dots.c
+@@ -0,0 +1,38 @@
++/* Copyright (C) 2013 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++/* Testcase for BZ #15014 */
++
++#include <stdlib.h>
++#include <netdb.h>
++#include <errno.h>
++
++static int
++do_test (void)
++{
++ char buf[32];
++ struct hostent *result = NULL;
++ struct hostent ret;
++ int h_err = 0;
++ int err;
++
++ err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
++ return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS :
EXIT_FAILURE;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
