Accepting request 652421 from home:Andreas_Schwab:Factory

- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for overlong name (CVE-2018-19591, BZ #23927, bsc#1117603) OBS-URL: https://build.opensuse.org/request/show/652421 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=514
2018-11-28 13:22:17 +00:00 · 2018-11-28 13:22:17 +00:00 · d0ecab50fd
commit d0ecab50fd
parent 5876829c6a
3 changed files with 45 additions and 0 deletions
--- a/glibc.changes
+++ b/glibc.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 28 09:52:49 UTC 2018 - schwab@suse.de
+
+- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for
+  overlong name (CVE-2018-19591, BZ #23927, bsc#1117603)
+
 -------------------------------------------------------------------
 Wed Nov  7 17:24:35 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

--- a/glibc.spec
+++ b/glibc.spec
@ -290,6 +290,8 @@ Patch1008:      strstr-huge-needle.patch
 Patch1009:      pthread-mutex-lock-elision-race.patch
 # PATCH-FIX-UPSTREAM x86: Fix Haswell CPU string flags (BZ #23709)
 Patch1010:      x86-haswell-string-flags.patch
+# PATCH-FIX-UPSTREAM if_nametoindex: Fix descriptor leak for overlong name (CVE-2018-19591, BZ #23927)
+Patch1011:      if-nametoindex-descr-leak.patch

 ### 
 # Patches awaiting upstream approval
@ -510,6 +512,7 @@ makedb: A program to create a database for nss
 %patch1008 -p1
 %patch1009 -p1
 %patch1010 -p1
+%patch1011 -p1

 %patch2000 -p1
 %patch2004 -p1
--- a/if-nametoindex-descr-leak.patch
+++ b/if-nametoindex-descr-leak.patch
@ -0,0 +1,36 @@
+2018-11-27  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #23927]
+	CVE-2018-19591
+	* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Avoid
+	descriptor leak in case of ENODEV error.
+
+Index: glibc-2.28/sysdeps/unix/sysv/linux/if_index.c
+===================================================================
+--- glibc-2.28.orig/sysdeps/unix/sysv/linux/if_index.c
+++ glibc-2.28/sysdeps/unix/sysv/linux/if_index.c
+@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
+   return 0;
+ #else
+   struct ifreq ifr;
+-  int fd = __opensock ();
+-
+-  if (fd < 0)
+-    return 0;
+-
+   if (strlen (ifname) >= IFNAMSIZ)
+     {
+       __set_errno (ENODEV);
+@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
+     }
+ 
+   strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+
+  int fd = __opensock ();
+
+  if (fd < 0)
+    return 0;
+
+   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
+     {
+       int saved_errno = errno;