From 8f698eb0bf31d6e9f743f7d5b786c612f9a022e7a6bd8c9f9338f0ac1c1a1c13 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Tue, 26 Sep 2023 11:26:02 +0000 Subject: [PATCH] Accepting request 1113655 from home:Andreas_Schwab:Factory - getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884) OBS-URL: https://build.opensuse.org/request/show/1113655 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=673 --- getaddrinfo-memory-leak.patch | 92 +++++++++++++++++++++++++++++++++++ glibc.changes | 6 +++ glibc.spec | 3 ++ 3 files changed, 101 insertions(+) create mode 100644 getaddrinfo-memory-leak.patch diff --git a/getaddrinfo-memory-leak.patch b/getaddrinfo-memory-leak.patch new file mode 100644 index 0000000..b8cc3a8 --- /dev/null +++ b/getaddrinfo-memory-leak.patch @@ -0,0 +1,92 @@ +From ec6b95c3303c700eb89eebeda2d7264cc184a796 Mon Sep 17 00:00:00 2001 +From: Romain Geissler +Date: Mon, 25 Sep 2023 01:21:51 +0100 +Subject: [PATCH] Fix leak in getaddrinfo introduced by the fix for + CVE-2023-4806 [BZ #30843] + +This patch fixes a very recently added leak in getaddrinfo. + +Reviewed-by: Siddhesh Poyarekar +--- + nss/Makefile | 20 ++++++++++++++++++++ + nss/tst-nss-gai-hv2-canonname.c | 3 +++ + sysdeps/posix/getaddrinfo.c | 4 +--- + 3 files changed, 24 insertions(+), 3 deletions(-) + +diff --git a/nss/Makefile b/nss/Makefile +index 8a5126ecf3..668ba34b18 100644 +--- a/nss/Makefile ++++ b/nss/Makefile +@@ -149,6 +149,15 @@ endif + extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ + nss_test_gai_hv2_canonname.os + ++ifeq ($(run-built-tests),yes) ++ifneq (no,$(PERL)) ++tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out ++endif ++endif ++ ++generated += mtrace-tst-nss-gai-hv2-canonname.out \ ++ tst-nss-gai-hv2-canonname.mtrace ++ + include ../Rules + + ifeq (yes,$(have-selinux)) +@@ -217,6 +226,17 @@ endif + $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so + $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so + ++tst-nss-gai-hv2-canonname-ENV = \ ++ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ ++ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so ++$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \ ++ $(objpfx)tst-nss-gai-hv2-canonname.out ++ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \ ++ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \ ++ && $(common-objpfx)malloc/mtrace \ ++ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \ ++ $(evaluate-test) ++ + # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS + # functions can load testing NSS modules via DT_RPATH. + LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags +diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c +index d5f10c07d6..7db53cf09d 100644 +--- a/nss/tst-nss-gai-hv2-canonname.c ++++ b/nss/tst-nss-gai-hv2-canonname.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + #include + #include + #include "nss/tst-nss-gai-hv2-canonname.h" +@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av) + static int + do_test (void) + { ++ mtrace (); ++ + __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); + + struct addrinfo hints = {}; +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 47f421fddf..531124958d 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -1196,9 +1196,7 @@ free_and_return: + if (malloc_name) + free ((char *) name); + free (addrmem); +- if (res.free_at) +- free (res.at); +- free (res.canon); ++ gaih_result_reset (&res); + + return result; + } +-- +2.42.0 + diff --git a/glibc.changes b/glibc.changes index 667713e..97961d0 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Sep 25 07:58:08 UTC 2023 - Andreas Schwab + +- getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the + fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884) + ------------------------------------------------------------------- Mon Sep 18 08:48:59 UTC 2023 - Andreas Schwab diff --git a/glibc.spec b/glibc.spec index 8c021ad..6882fba 100644 --- a/glibc.spec +++ b/glibc.spec @@ -322,6 +322,8 @@ Patch1008: dtors-reverse-ctor-order.patch Patch1009: no-aaaa-read-overflow.patch # PATCH-FIX-UPSTREAM getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806, BZ #30843) Patch1010: getcanonname-use-after-free.patch +# PATCH-FIX-UPSTREAM Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 (CVE-2023-5156, BZ #30884) +Patch1011: getaddrinfo-memory-leak.patch ### # Patches awaiting upstream approval @@ -555,6 +557,7 @@ library in a cross compilation setting. %patch1008 -p1 %patch1009 -p1 %patch1010 -p1 +%patch1011 -p1 %endif %patch2000 -p1