From c0c9ae0337b004dd32dc4572c8691bad8b87192ac1e70d2d4be3e8e236ec0ee3 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Mon, 12 May 2014 14:47:07 +0000 Subject: [PATCH] Accepting request 233621 from home:Andreas_Schwab:Factory - nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ #16932) OBS-URL: https://build.opensuse.org/request/show/233621 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=365 --- glibc-testsuite.changes | 6 +++ glibc-testsuite.spec | 3 ++ glibc-utils.changes | 6 +++ glibc-utils.spec | 3 ++ glibc.changes | 6 +++ glibc.spec | 3 ++ nss-nis-stack-use.patch | 111 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 138 insertions(+) create mode 100644 nss-nis-stack-use.patch diff --git a/glibc-testsuite.changes b/glibc-testsuite.changes index 846e111..d14dedd1 100644 --- a/glibc-testsuite.changes +++ b/glibc-testsuite.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 12 13:22:40 UTC 2014 - schwab@suse.de + +- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ + #16932) + ------------------------------------------------------------------- Wed May 7 10:13:24 UTC 2014 - schwab@suse.de diff --git a/glibc-testsuite.spec b/glibc-testsuite.spec index 1bd53a8..89a7165 100644 --- a/glibc-testsuite.spec +++ b/glibc-testsuite.spec @@ -254,6 +254,8 @@ Patch1009: ibm-long-double-math.patch Patch1010: ibm-long-double-frexpl.patch # PATCH-FIX-UPSTREAM Fix aarch64 setcontext clobbering alternate signal stack (BZ #16629) Patch1011: aarch64-setcontext.patch +# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932) +Patch1012: nss-nis-stack-use.patch ### # Patches awaiting upstream approval @@ -480,6 +482,7 @@ rm nscd/s-stamp %patch1009 -p1 %patch1010 -p1 %patch1011 -p1 +%patch1012 -p1 %patch2000 -p1 %patch2001 -p1 diff --git a/glibc-utils.changes b/glibc-utils.changes index 846e111..d14dedd1 100644 --- a/glibc-utils.changes 
+++ b/glibc-utils.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 12 13:22:40 UTC 2014 - schwab@suse.de + +- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ + #16932) + ------------------------------------------------------------------- Wed May 7 10:13:24 UTC 2014 - schwab@suse.de diff --git a/glibc-utils.spec b/glibc-utils.spec index 03d3165..fd7a8f3 100644 --- a/glibc-utils.spec +++ b/glibc-utils.spec @@ -253,6 +253,8 @@ Patch1009: ibm-long-double-math.patch Patch1010: ibm-long-double-frexpl.patch # PATCH-FIX-UPSTREAM Fix aarch64 setcontext clobbering alternate signal stack (BZ #16629) Patch1011: aarch64-setcontext.patch +# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932) +Patch1012: nss-nis-stack-use.patch ### # Patches awaiting upstream approval @@ -480,6 +482,7 @@ rm nscd/s-stamp %patch1009 -p1 %patch1010 -p1 %patch1011 -p1 +%patch1012 -p1 %patch2000 -p1 %patch2001 -p1 diff --git a/glibc.changes b/glibc.changes index 846e111..d14dedd1 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 12 13:22:40 UTC 2014 - schwab@suse.de + +- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ + #16932) + ------------------------------------------------------------------- Wed May 7 10:13:24 UTC 2014 - schwab@suse.de diff --git a/glibc.spec b/glibc.spec index 1673831..4bc0abc 100644 --- a/glibc.spec +++ b/glibc.spec @@ -254,6 +254,8 @@ Patch1009: ibm-long-double-math.patch Patch1010: ibm-long-double-frexpl.patch # PATCH-FIX-UPSTREAM Fix aarch64 setcontext clobbering alternate signal stack (BZ #16629) Patch1011: aarch64-setcontext.patch +# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932) +Patch1012: nss-nis-stack-use.patch ### # Patches awaiting upstream approval 
@@ -480,6 +482,7 @@ rm nscd/s-stamp %patch1009 -p1 %patch1010 -p1 %patch1011 -p1 +%patch1012 -p1 %patch2000 -p1 %patch2001 -p1 diff --git a/nss-nis-stack-use.patch b/nss-nis-stack-use.patch new file mode 100644 index 0000000..6d0309f --- /dev/null +++ b/nss-nis-stack-use.patch 
@@ -0,0 +1,111 @@ +2014-05-12 Andreas Schwab + + [BZ #16932] + * nis/nss_nis/nis-hosts.c (internal_gethostbyname2_r) + (_nss_nis_gethostbyname4_r): Return error if item length is larger + than maximum RPC packet size. + * nis/nss_nis/nis-initgroups.c (initgroups_netid): Likewise. + * nis/nss_nis/nis-network.c (_nss_nis_getnetbyname_r): Likewise. + * nis/nss_nis/nis-service.c (_nss_nis_getservbyname_r) + (_nss_nis_getservbyport_r): Likewise. + +Index: glibc-2.19/nis/nss_nis/nis-hosts.c +=================================================================== +--- glibc-2.19.orig/nis/nss_nis/nis-hosts.c ++++ glibc-2.19/nis/nss_nis/nis-hosts.c +@@ -270,6 +270,13 @@ internal_gethostbyname2_r (const char *n + + /* Convert name to lowercase. */ + size_t namlen = strlen (name); ++ /* Limit name length to the maximum size of an RPC packet. */ ++ if (namlen > UDPMSGSIZE) ++ { ++ *errnop = ERANGE; ++ return NSS_STATUS_UNAVAIL; ++ } ++ + char name2[namlen + 1]; + size_t i; + +@@ -461,6 +468,13 @@ _nss_nis_gethostbyname4_r (const char *n + + /* Convert name to lowercase. */ + size_t namlen = strlen (name); ++ /* Limit name length to the maximum size of an RPC packet. */ ++ if (namlen > UDPMSGSIZE) ++ { ++ *errnop = ERANGE; ++ return NSS_STATUS_UNAVAIL; ++ } ++ + char name2[namlen + 1]; + size_t i; + +Index: glibc-2.19/nis/nss_nis/nis-initgroups.c +=================================================================== +--- glibc-2.19.orig/nis/nss_nis/nis-initgroups.c ++++ glibc-2.19/nis/nss_nis/nis-initgroups.c +@@ -150,6 +150,13 @@ initgroups_netid (uid_t uid, gid_t group + gid_t **groupsp, long int limit, int *errnop, + const char *domainname) + { ++ /* Limit domainname length to the maximum size of an RPC packet. */ ++ if (strlen (domainname) > UDPMSGSIZE) ++ { ++ *errnop = ERANGE; ++ return NSS_STATUS_UNAVAIL; ++ } ++ + /* Prepare the key. The form is "unix.UID@DOMAIN" with the UID and + DOMAIN field filled in appropriately. 
*/ + char key[sizeof ("unix.@") + sizeof (uid_t) * 3 + strlen (domainname)]; +Index: glibc-2.19/nis/nss_nis/nis-network.c +=================================================================== +--- glibc-2.19.orig/nis/nss_nis/nis-network.c ++++ glibc-2.19/nis/nss_nis/nis-network.c +@@ -179,6 +179,13 @@ _nss_nis_getnetbyname_r (const char *nam + + /* Convert name to lowercase. */ + size_t namlen = strlen (name); ++ /* Limit name length to the maximum size of an RPC packet. */ ++ if (namlen > UDPMSGSIZE) ++ { ++ *errnop = ERANGE; ++ return NSS_STATUS_UNAVAIL; ++ } ++ + char name2[namlen + 1]; + size_t i; + +Index: glibc-2.19/nis/nss_nis/nis-service.c +=================================================================== +--- glibc-2.19.orig/nis/nss_nis/nis-service.c ++++ glibc-2.19/nis/nss_nis/nis-service.c +@@ -271,6 +271,13 @@ _nss_nis_getservbyname_r (const char *na + /* If the protocol is given, we could try if our NIS server knows + about services.byservicename map. If yes, we only need one query. */ + size_t keylen = strlen (name) + (protocol ? 1 + strlen (protocol) : 0); ++ /* Limit key length to the maximum size of an RPC packet. */ ++ if (keylen > UDPMSGSIZE) ++ { ++ *errnop = ERANGE; ++ return NSS_STATUS_UNAVAIL; ++ } ++ + char key[keylen + 1]; + + /* key is: "name/proto" */ +@@ -355,6 +362,13 @@ _nss_nis_getservbyport_r (int port, cons + Otherwise try first port/tcp, then port/udp and then fallback + to sequential scanning of services.byname. */ + const char *proto = protocol != NULL ? protocol : "tcp"; ++ /* Limit protocol name length to the maximum size of an RPC packet. */ ++ if (strlen (proto) > UDPMSGSIZE) ++ { ++ *errnop = ERANGE; ++ return NSS_STATUS_UNAVAIL; ++ } ++ + do + { + /* key is: "port/proto" */
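Review bot: In the `initgroups_netid` hunk the guard tests `strlen (domainname)` and the `key[...]` declaration right below calls `strlen (domainname)` again, so the length that was checked is not visibly the length that sizes the array; the other sites bind it once (`namlen`, `keylen`). I would compute it once, `size_t domlen = strlen (domainname);`, test `domlen > UDPMSGSIZE`, and use `domlen` in the array size. The six guard comments say where the limit comes from but not what it protects; adding something like `/* The array below is sized from this length, so bound it to keep stack use finite.  */` would make it harder for a later refactor to drop the check. In `_nss_nis_getservbyport_r` the buffer that `proto` sizes is declared past the end of the hunk, so that guard cannot be matched against its array from here. All six function bodies start and end outside their hunks.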