Accepting request 205248 from Base:System

- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, bnc#847227) (forwarded request 205246 from Andreas_Schwab) OBS-URL: https://build.opensuse.org/request/show/205248 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glibc?expand=0&rev=160
2013-10-31 15:02:57 +00:00 · 2013-10-31 15:02:57 +00:00 · aceb11f270
commit aceb11f270
parent 623e4fd2f3
7 changed files with 71 additions and 0 deletions
--- a/getaddrinfo-overflow.patch
+++ b/getaddrinfo-overflow.patch
@ -0,0 +1,44 @@
+2013-10-25  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16072]
+	* sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on
+	heap for large requests.
+
+Index: glibc-2.18/sysdeps/posix/getaddrinfo.c
+===================================================================
+--- glibc-2.18.orig/sysdeps/posix/getaddrinfo.c
+++ glibc-2.18/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename,
+ 				&rc, &herrno, NULL, &localcanon));	      \
+     if (rc != ERANGE || herrno != NETDB_INTERNAL)			      \
+       break;								      \
+-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);		      \
+    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    \
+      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,	      \
+				      alloca_used);			      \
+    else								      \
+      {									      \
+	char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,		      \
+			      2 * tmpbuflen);				      \
+	if (newp == NULL)						      \
+	  {								      \
+	    result = -EAI_MEMORY;					      \
+	    goto free_and_return;					      \
+	  }								      \
+	tmpbuf = newp;							      \
+	malloc_tmpbuf = true;						      \
+	tmpbuflen = 2 * tmpbuflen;					      \
+      }									      \
+   }									      \
+   if (status == NSS_STATUS_SUCCESS && rc == 0)				      \
+     h = &th;								      \
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename,
+ 	{								      \
+ 	  __set_h_errno (herrno);					      \
+ 	  _res.options |= old_res_options & RES_USE_INET6;		      \
+-	  return -EAI_SYSTEM;						      \
+	  result = -EAI_SYSTEM;						      \
+	  goto free_and_return;						      \
+ 	}								      \
+       if (herrno == TRY_AGAIN)						      \
+ 	no_data = EAI_AGAIN;						      \
--- a/glibc-testsuite.changes
+++ b/glibc-testsuite.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 14:05:30 UTC 2013 - schwab@suse.de
+
+- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6
+  requests (CVE-2013-4458, bnc#847227)
+
 -------------------------------------------------------------------
 Mon Oct 21 12:14:38 UTC 2013 - schwab@suse.de

--- a/glibc-testsuite.spec
+++ b/glibc-testsuite.spec
@ -250,6 +250,8 @@ Patch1000:      fcntl-o-tmpfile.patch
 Patch1001:      malloc-overflows.patch
 # PATCH-FIX-UPSTREAM m68k: Use PIC for Scrt1.o
 Patch1002:      m68k-Scrt1.patch
+# PATCH-FIX-UPSTREAM Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458)
+Patch1003:      getaddrinfo-overflow.patch

 ### 
 # Patches awaiting upstream approval
@ -478,6 +480,7 @@ rm nscd/s-stamp
 %patch1000 -p1
 %patch1001 -p1
 %patch1002 -p1
+%patch1003 -p1

 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 
 # %patch2008 -p1
--- a/glibc-utils.changes
+++ b/glibc-utils.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 14:05:30 UTC 2013 - schwab@suse.de
+
+- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6
+  requests (CVE-2013-4458, bnc#847227)
+
 -------------------------------------------------------------------
 Mon Oct 21 12:14:38 UTC 2013 - schwab@suse.de

--- a/glibc-utils.spec
+++ b/glibc-utils.spec
@ -249,6 +249,8 @@ Patch1000:      fcntl-o-tmpfile.patch
 Patch1001:      malloc-overflows.patch
 # PATCH-FIX-UPSTREAM m68k: Use PIC for Scrt1.o
 Patch1002:      m68k-Scrt1.patch
+# PATCH-FIX-UPSTREAM Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458)
+Patch1003:      getaddrinfo-overflow.patch

 ### 
 # Patches awaiting upstream approval
@ -478,6 +480,7 @@ rm nscd/s-stamp
 %patch1000 -p1
 %patch1001 -p1
 %patch1002 -p1
+%patch1003 -p1

 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 
 # %patch2008 -p1
--- a/glibc.changes
+++ b/glibc.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 14:05:30 UTC 2013 - schwab@suse.de
+
+- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6
+  requests (CVE-2013-4458, bnc#847227)
+
 -------------------------------------------------------------------
 Mon Oct 21 12:14:38 UTC 2013 - schwab@suse.de

--- a/glibc.spec
+++ b/glibc.spec
@ -250,6 +250,8 @@ Patch1000:      fcntl-o-tmpfile.patch
 Patch1001:      malloc-overflows.patch
 # PATCH-FIX-UPSTREAM m68k: Use PIC for Scrt1.o
 Patch1002:      m68k-Scrt1.patch
+# PATCH-FIX-UPSTREAM Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458)
+Patch1003:      getaddrinfo-overflow.patch

 ### 
 # Patches awaiting upstream approval
@ -478,6 +480,7 @@ rm nscd/s-stamp
 %patch1000 -p1
 %patch1001 -p1
 %patch1002 -p1
+%patch1003 -p1

 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 
 # %patch2008 -p1