Author: aurel32 Date: 2013-05-08 15:36:54 +0000 (Wed, 08 May 2013) New Revision: 5563
Added: glibc-package/trunk/debian/patches/any/cvs-getaddrinfo-stack-overflow.diff Modified: glibc-package/trunk/debian/changelog glibc-package/trunk/debian/patches/series Log: * patches/any/cvs-getaddrinfo-stack-overflow.diff: New patch to fix a stack overflow in getaddrinfo(), CVE-2013-1914. Closes: #704623. Modified: glibc-package/trunk/debian/changelog =================================================================== --- glibc-package/trunk/debian/changelog 2013-05-08 15:28:02 UTC (rev 5562) +++ glibc-package/trunk/debian/changelog 2013-05-08 15:36:54 UTC (rev 5563) @@ -15,6 +15,8 @@ define MUTEX_INITIALIZER. * Japanese debconf translation update from Nobuhiro Iwamatsu. closes: #695077. + * patches/any/cvs-getaddrinfo-stack-overflow.diff: New patch to fix + a stack overflow in getaddrinfo(), CVE-2013-1914. Closes: #704623. [ Petr Salinger ] * patches/kfreebsd/local-linuxthreads-initfini.diff: follow upstream Added: glibc-package/trunk/debian/patches/any/cvs-getaddrinfo-stack-overflow.diff =================================================================== --- glibc-package/trunk/debian/patches/any/cvs-getaddrinfo-stack-overflow.diff (rev 0) +++ glibc-package/trunk/debian/patches/any/cvs-getaddrinfo-stack-overflow.diff 2013-05-08 15:36:54 UTC (rev 5563) @@ -0,0 +1,50 @@ +2013-04-03 Andreas Schwab <sch...@suse.de> + + [BZ #15330] + * sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and + order arrays from heap if bigger than alloca cutoff. + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index d95c2d1..2309281 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service, + __typeof (once) old_once = once; + __libc_once (once, gaiconf_init); + /* Sort results according to RFC 3484. */ +- struct sort_result results[nresults]; +- size_t order[nresults]; ++ struct sort_result *results; ++ size_t *order; + struct addrinfo *q; + struct addrinfo *last = NULL; + char *canonname = NULL; ++ bool malloc_results; ++ ++ malloc_results ++ = !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t))); ++ if (malloc_results) ++ { ++ results = malloc (nresults * (sizeof (*results) + sizeof (size_t))); ++ if (results == NULL) ++ { ++ __free_in6ai (in6ai); ++ return EAI_MEMORY; ++ } ++ } ++ else ++ results = alloca (nresults * (sizeof (*results) + sizeof (size_t))); ++ order = (size_t *) (results + nresults); + + /* Now we definitely need the interface information. */ + if (! check_pf_called) +@@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service, + + /* Fill in the canonical name into the new first entry. */ + p->ai_canonname = canonname; ++ ++ if (malloc_results) ++ free (results); + } + + __free_in6ai (in6ai); Modified: glibc-package/trunk/debian/patches/series =================================================================== --- glibc-package/trunk/debian/patches/series 2013-05-08 15:28:02 UTC (rev 5562) +++ glibc-package/trunk/debian/patches/series 2013-05-08 15:36:54 UTC (rev 5563) @@ -235,3 +235,4 @@ any/cvs-use-glibc-wchar.diff any/submitted-setfsid-wur.diff any/cvs-sys-param-h-DEV_BSIZE.diff +any/cvs-getaddrinfo-stack-overflow.diff -- To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1ua6qi-0001ms...@vasks.debian.org