Accepting request 233621 from home:Andreas_Schwab:Factory

- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ #16932) OBS-URL: https://build.opensuse.org/request/show/233621 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=365
2014-05-12 14:47:07 +00:00 · 2014-05-12 14:47:07 +00:00 · c0c9ae0337
commit c0c9ae0337
parent cc8c150f76
7 changed files with 138 additions and 0 deletions
--- a/glibc-testsuite.changes
+++ b/glibc-testsuite.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 12 13:22:40 UTC 2014 - schwab@suse.de
+
+- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ
+  #16932)
+
 -------------------------------------------------------------------
 Wed May  7 10:13:24 UTC 2014 - schwab@suse.de

--- a/glibc-testsuite.spec
+++ b/glibc-testsuite.spec
@ -254,6 +254,8 @@ Patch1009:      ibm-long-double-math.patch
 Patch1010:      ibm-long-double-frexpl.patch
 # PATCH-FIX-UPSTREAM Fix aarch64 setcontext clobbering alternate signal stack (BZ #16629)
 Patch1011:      aarch64-setcontext.patch
+# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932)
+Patch1012:      nss-nis-stack-use.patch

 ### 
 # Patches awaiting upstream approval
@ -480,6 +482,7 @@ rm nscd/s-stamp
 %patch1009 -p1
 %patch1010 -p1
 %patch1011 -p1
+%patch1012 -p1

 %patch2000 -p1
 %patch2001 -p1
--- a/glibc-utils.changes
+++ b/glibc-utils.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 12 13:22:40 UTC 2014 - schwab@suse.de
+
+- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ
+  #16932)
+
 -------------------------------------------------------------------
 Wed May  7 10:13:24 UTC 2014 - schwab@suse.de

--- a/glibc-utils.spec
+++ b/glibc-utils.spec
@ -253,6 +253,8 @@ Patch1009:      ibm-long-double-math.patch
 Patch1010:      ibm-long-double-frexpl.patch
 # PATCH-FIX-UPSTREAM Fix aarch64 setcontext clobbering alternate signal stack (BZ #16629)
 Patch1011:      aarch64-setcontext.patch
+# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932)
+Patch1012:      nss-nis-stack-use.patch

 ### 
 # Patches awaiting upstream approval
@ -480,6 +482,7 @@ rm nscd/s-stamp
 %patch1009 -p1
 %patch1010 -p1
 %patch1011 -p1
+%patch1012 -p1

 %patch2000 -p1
 %patch2001 -p1
--- a/glibc.changes
+++ b/glibc.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 12 13:22:40 UTC 2014 - schwab@suse.de
+
+- nss-nis-stack-use.patch: fix unbound stack use in NIS NSS module (BZ
+  #16932)
+
 -------------------------------------------------------------------
 Wed May  7 10:13:24 UTC 2014 - schwab@suse.de

--- a/glibc.spec
+++ b/glibc.spec
@ -254,6 +254,8 @@ Patch1009:      ibm-long-double-math.patch
 Patch1010:      ibm-long-double-frexpl.patch
 # PATCH-FIX-UPSTREAM Fix aarch64 setcontext clobbering alternate signal stack (BZ #16629)
 Patch1011:      aarch64-setcontext.patch
+# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932)
+Patch1012:      nss-nis-stack-use.patch

 ### 
 # Patches awaiting upstream approval
@ -480,6 +482,7 @@ rm nscd/s-stamp
 %patch1009 -p1
 %patch1010 -p1
 %patch1011 -p1
+%patch1012 -p1

 %patch2000 -p1
 %patch2001 -p1
--- a/nss-nis-stack-use.patch
+++ b/nss-nis-stack-use.patch
@ -0,0 +1,111 @@
+2014-05-12  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #16932]
+	* nis/nss_nis/nis-hosts.c (internal_gethostbyname2_r)
+	(_nss_nis_gethostbyname4_r): Return error if item length is larger
+	than maximum RPC packet size.
+	* nis/nss_nis/nis-initgroups.c (initgroups_netid): Likewise.
+	* nis/nss_nis/nis-network.c (_nss_nis_getnetbyname_r): Likewise.
+	* nis/nss_nis/nis-service.c (_nss_nis_getservbyname_r)
+	(_nss_nis_getservbyport_r): Likewise.
+
+Index: glibc-2.19/nis/nss_nis/nis-hosts.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_nis/nis-hosts.c
+++ glibc-2.19/nis/nss_nis/nis-hosts.c
+@@ -270,6 +270,13 @@ internal_gethostbyname2_r (const char *n
+ 
+   /* Convert name to lowercase.  */
+   size_t namlen = strlen (name);
+  /* Limit name length to the maximum size of an RPC packet.  */
+  if (namlen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
+   char name2[namlen + 1];
+   size_t i;
+ 
+@@ -461,6 +468,13 @@ _nss_nis_gethostbyname4_r (const char *n
+ 
+   /* Convert name to lowercase.  */
+   size_t namlen = strlen (name);
+  /* Limit name length to the maximum size of an RPC packet.  */
+  if (namlen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
+   char name2[namlen + 1];
+   size_t i;
+ 
+Index: glibc-2.19/nis/nss_nis/nis-initgroups.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_nis/nis-initgroups.c
+++ glibc-2.19/nis/nss_nis/nis-initgroups.c
+@@ -150,6 +150,13 @@ initgroups_netid (uid_t uid, gid_t group
+ 		  gid_t **groupsp, long int limit, int *errnop,
+ 		  const char *domainname)
+ {
+  /* Limit domainname length to the maximum size of an RPC packet.  */
+  if (strlen (domainname) > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
+   /* Prepare the key.  The form is "unix.UID@DOMAIN" with the UID and
+      DOMAIN field filled in appropriately.  */
+   char key[sizeof ("unix.@") + sizeof (uid_t) * 3 + strlen (domainname)];
+Index: glibc-2.19/nis/nss_nis/nis-network.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_nis/nis-network.c
+++ glibc-2.19/nis/nss_nis/nis-network.c
+@@ -179,6 +179,13 @@ _nss_nis_getnetbyname_r (const char *nam
+ 
+   /* Convert name to lowercase.  */
+   size_t namlen = strlen (name);
+  /* Limit name length to the maximum size of an RPC packet.  */
+  if (namlen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
+   char name2[namlen + 1];
+   size_t i;
+ 
+Index: glibc-2.19/nis/nss_nis/nis-service.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_nis/nis-service.c
+++ glibc-2.19/nis/nss_nis/nis-service.c
+@@ -271,6 +271,13 @@ _nss_nis_getservbyname_r (const char *na
+   /* If the protocol is given, we could try if our NIS server knows
+      about services.byservicename map. If yes, we only need one query.  */
+   size_t keylen = strlen (name) + (protocol ? 1 + strlen (protocol) : 0);
+  /* Limit key length to the maximum size of an RPC packet.  */
+  if (keylen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
+   char key[keylen + 1];
+ 
+   /* key is: "name/proto" */
+@@ -355,6 +362,13 @@ _nss_nis_getservbyport_r (int port, cons
+      Otherwise try first port/tcp, then port/udp and then fallback
+      to sequential scanning of services.byname.  */
+   const char *proto = protocol != NULL ? protocol : "tcp";
+  /* Limit protocol name length to the maximum size of an RPC packet.  */
+  if (strlen (proto) > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
+   do
+     {
+       /* key is: "port/proto" */