pool/glibc
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 652421 from home:Andreas_Schwab:Factory

Browse Source 
- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for
  overlong name (CVE-2018-19591, BZ #23927, bsc#1117603)

OBS-URL: https://build.opensuse.org/request/show/652421
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=514
This commit is contained in:
Andreas Schwab 2018-11-28 13:22:17 +00:00 committed by Git OBS Bridge
parent 5876829c6a
commit d0ecab50fd
3 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
glibc.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Nov 28 09:52:49 UTC 2018 - schwab@suse.de
- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for
overlong name (CVE-2018-19591, BZ #23927, bsc#1117603)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 7 17:24:35 UTC 2018 - Jan Engelhardt <jengelh@inai.de> Wed Nov 7 17:24:35 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

3
glibc.spec
View File

@ -290,6 +290,8 @@ Patch1008: strstr-huge-needle.patch
Patch1009: pthread-mutex-lock-elision-race.patch Patch1009: pthread-mutex-lock-elision-race.patch
# PATCH-FIX-UPSTREAM x86: Fix Haswell CPU string flags (BZ #23709) # PATCH-FIX-UPSTREAM x86: Fix Haswell CPU string flags (BZ #23709)
Patch1010: x86-haswell-string-flags.patch Patch1010: x86-haswell-string-flags.patch
# PATCH-FIX-UPSTREAM if_nametoindex: Fix descriptor leak for overlong name (CVE-2018-19591, BZ #23927)
Patch1011: if-nametoindex-descr-leak.patch
### ###
# Patches awaiting upstream approval # Patches awaiting upstream approval
@ -510,6 +512,7 @@ makedb: A program to create a database for nss
%patch1008 -p1 %patch1008 -p1
%patch1009 -p1 %patch1009 -p1
%patch1010 -p1 %patch1010 -p1
%patch1011 -p1
%patch2000 -p1 %patch2000 -p1
%patch2004 -p1 %patch2004 -p1

36
if-nametoindex-descr-leak.patch Normal file
View File

@ -0,0 +1,36 @@
2018-11-27 Florian Weimer <fweimer@redhat.com>
[BZ #23927]
CVE-2018-19591
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Avoid
descriptor leak in case of ENODEV error.
Index: glibc-2.28/sysdeps/unix/sysv/linux/if_index.c
===================================================================
--- glibc-2.28.orig/sysdeps/unix/sysv/linux/if_index.c
+++ glibc-2.28/sysdeps/unix/sysv/linux/if_index.c
@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
return 0;
#else
struct ifreq ifr;
- int fd = __opensock ();
-
- if (fd < 0)
- return 0;
-
if (strlen (ifname) >= IFNAMSIZ)
{
__set_errno (ENODEV);
@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
}
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+
+ int fd = __opensock ();
+
+ if (fd < 0)
+ return 0;
+
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{
int saved_errno = errno;