forked from pool/glibc

Accepting request 79220 from home:a_jaeger:branches:openSUSE:Factory

Fix crash (access-after-free) in dl_lookup_x.  [bnc#703140]

OBS-URL: https://build.opensuse.org/request/show/79220
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=89
Andreas Jaeger 2011-08-18 11:43:18 +00:00 committed by Git OBS Bridge
parent f9d5ef4791
commit 257877d3c3
3 changed files with 28 additions and 0 deletions


@ -0,0 +1,19 @@
Index: glibc-2.11.3/elf/dl-close.c
===================================================================
--- glibc-2.11.3.orig/elf/dl-close.c 2011-05-27 15:08:23.000000000 +0200
+++ glibc-2.11.3/elf/dl-close.c 2011-07-13 19:28:52.000000000 +0200
@@ -127,7 +127,13 @@ _dl_close_worker (struct link_map *map)
{
struct link_map **oldp = map->l_initfini;
map->l_initfini = map->l_orig_initfini;
- _dl_scope_free (oldp);
+ /* We can't remove the l_initfini memory because
+ it's shared with l_searchlist.r_list. We don't clear
+ the latter so when we dlopen this object again that
+ entry would point to stale memory. And we don't want
+ to recompute it as it would involve a new call to
+ map_object_deps.
+ _dl_scope_free (oldp); */
}
}
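
Review bot: In the `_dl_close_worker` hunk the disabled call `_dl_scope_free (oldp);` is kept inside the explanatory comment, which leaves `oldp` assigned but never used and makes the dead call read like part of the prose. Drop the call and the `oldp` local outright and keep only the explanation. The comment should also state where the old `l_initfini` array is released now that `map->l_initfini` is reset to `map->l_orig_initfini` without a free: nothing in these lines frees it, so the change trades the access-after-free for memory that stays allocated while `l_searchlist.r_list` still refers to it. The patch file also carries no header with the bug reference (bnc#703140) or author, which would help whoever has to rebase it later.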


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Aug 17 18:57:00 UTC 2011 - matz@suse.de
- Fix crash (access-after-free) in dl_lookup_x. [bnc#703140]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 17 18:56:03 UTC 2011 - aj@suse.de Wed Aug 17 18:56:03 UTC 2011 - aj@suse.de
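
Review bot: The new Aug 17 entry from matz@suse.de does not name the patch it introduces, although the spec change registers it as `glibc-fix-lookup-crash.patch` and this same commit adds a `(patch ...)` line to an older entry. Add `(patch glibc-fix-lookup-crash.patch)` to the new entry so the changelog can be matched to the file.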
@ -29,6 +34,7 @@ Thu Jul 21 12:37:09 UTC 2011 - rhafer@suse.de
- Disable rewriting ::1 to 127.0.0.1 for /etc/hosts entries. - Disable rewriting ::1 to 127.0.0.1 for /etc/hosts entries.
(bnc#684534, bnc#706719) (bnc#684534, bnc#706719)
(patch glibc-fix-double-loopback.diff)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 20 15:04:33 UTC 2011 - lnussel@suse.de Wed Jul 20 15:04:33 UTC 2011 - lnussel@suse.de
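
Review bot: The added `(patch glibc-fix-double-loopback.diff)` line amends the existing Jul 21 entry from rhafer@suse.de and is unrelated to the bnc#703140 fix named in the commit message. Either mention this changelog touch-up in the commit message or move it to its own commit, so the history of the dl-close fix stays clean.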


@ -194,6 +194,8 @@ Patch65: glibc-fix-double-loopback.diff
Patch66: glibc2.14-revert-sunrpc-removal.patch Patch66: glibc2.14-revert-sunrpc-removal.patch
# PATCH-FIX-OPENSUSE revert seeking on fclose for now bnc#711829 matz@suse.de # PATCH-FIX-OPENSUSE revert seeking on fclose for now bnc#711829 matz@suse.de
Patch67: glibc-revert-fseek-on-fclose.diff Patch67: glibc-revert-fseek-on-fclose.diff
# PATCH-FIX-OPENSUSE Fix crash (access-after-free) in dl_lookup_x bnc#703140 matz@suse.de
Patch68: glibc-fix-lookup-crash.patch
# PATCH-FEATURE-OPENSUSE -- add sha support to crypt_blowfish lnussel@suse.de # PATCH-FEATURE-OPENSUSE -- add sha support to crypt_blowfish lnussel@suse.de
Patch80: crypt_blowfish-1.1-sha.diff Patch80: crypt_blowfish-1.1-sha.diff
@ -420,6 +422,7 @@ rm nscd/s-stamp
%patch65 -p1 %patch65 -p1
%patch66 -p1 %patch66 -p1
%patch67 -p1 %patch67 -p1
%patch68 -p1
# #
# Inconsistency detected by ld.so: dl-close.c: 719: _dl_close: Assertion `map->l_init_called' failed! # Inconsistency detected by ld.so: dl-close.c: 719: _dl_close: Assertion `map->l_init_called' failed!
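
Review bot: `%patch68 -p1` applies a patch whose header paths are `glibc-2.11.3.orig/elf/dl-close.c` and `glibc-2.11.3/elf/dl-close.c`, while the spec also carries `glibc2.14-revert-sunrpc-removal.patch` as Patch66, which suggests the packaged source is newer than the tree the patch was generated against. Confirm that the hunk at `_dl_close_worker` applies without offset or fuzz on the packaged version and refresh the patch against that tree if it does not.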