Andreas Schwab
d0ecab50fd
- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for overlong name (CVE-2018-19591, BZ #23927, bsc#1117603) OBS-URL: https://build.opensuse.org/request/show/652421 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=514
37 lines
914 B
Diff
37 lines
914 B
Diff
2018-11-27 Florian Weimer <fweimer@redhat.com>
|
|
|
|
[BZ #23927]
|
|
CVE-2018-19591
|
|
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Avoid
|
|
descriptor leak in case of ENODEV error.
|
|
|
|
Index: glibc-2.28/sysdeps/unix/sysv/linux/if_index.c
|
|
===================================================================
|
|
--- glibc-2.28.orig/sysdeps/unix/sysv/linux/if_index.c
|
|
+++ glibc-2.28/sysdeps/unix/sysv/linux/if_index.c
|
|
@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
|
|
return 0;
|
|
#else
|
|
struct ifreq ifr;
|
|
- int fd = __opensock ();
|
|
-
|
|
- if (fd < 0)
|
|
- return 0;
|
|
-
|
|
if (strlen (ifname) >= IFNAMSIZ)
|
|
{
|
|
__set_errno (ENODEV);
|
|
@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
|
|
}
|
|
|
|
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
|
|
+
|
|
+ int fd = __opensock ();
|
|
+
|
|
+ if (fd < 0)
|
|
+ return 0;
|
|
+
|
|
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
|
|
{
|
|
int saved_errno = errno;
|