wok-stable view glibc/stuff/glibc-2.13-CVE-2015-0235.patch @ rev 12447
glibc: CVE-2015-0235 fix (again)
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Thu Jan 29 13:01:13 2015 +0100 (2015-01-29) |
| parents | 18a6783e147f |
| children | 2b274e36aea3 |
line source
1 CVE-2015-0235 GHOST
2 From https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
3 --- glibc-2.13/nss/digits_dots.c
4 +++ glibc-2.13/nss/digits_dots.c
5 @@ -47,7 +47,10 @@
6 {
7 if (h_errnop)
8 *h_errnop = NETDB_INTERNAL;
9 - *result = NULL;
10 + if (buffer_size == NULL)
11 + *status = NSS_STATUS_TRYAGAIN;
12 + else
13 + *result = NULL;
14 return -1;
15 }
17 @@ -90,8 +93,9 @@
18 {
19 if (buflen < size_needed)
20 {
21 + *status = NSS_STATUS_TRYAGAIN;
22 if (h_errnop != NULL)
23 - *h_errnop = TRY_AGAIN;
24 + *h_errnop = NETDB_INTERNAL;
25 __set_errno (ERANGE);
26 goto done;
27 }
28 @@ -110,7 +114,7 @@
29 *buffer_size = 0;
30 __set_errno (save);
31 if (h_errnop != NULL)
32 - *h_errnop = TRY_AGAIN;
33 + *h_errnop = NETDB_INTERNAL;
34 *result = NULL;
35 goto done;
36 }
37 @@ -150,7 +154,9 @@
38 if (! ok)
39 {
40 *h_errnop = HOST_NOT_FOUND;
41 - if (buffer_size)
42 + if (buffer_size == NULL)
43 + *status = NSS_STATUS_NOTFOUND;
44 + else
45 *result = NULL;
46 goto done;
47 }
48 @@ -202,15 +208,6 @@
50 if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
51 {
52 - const char *cp;
53 - char *hostname;
54 - typedef unsigned char host_addr_t[16];
55 - host_addr_t *host_addr;
56 - typedef char *host_addr_list_t[2];
57 - host_addr_list_t *h_addr_ptrs;
58 - size_t size_needed;
59 - int addr_size;
60 -
61 switch (af)
62 {
63 default:
64 @@ -226,7 +223,10 @@
65 /* This is not possible. We cannot represent an IPv6 address
66 in an `struct in_addr' variable. */
67 *h_errnop = HOST_NOT_FOUND;
68 - *result = NULL;
69 + if (buffer_size == NULL)
70 + *status = NSS_STATUS_NOTFOUND;
71 + else
72 + *result = NULL;
73 goto done;
75 case AF_INET6:
76 @@ -234,42 +234,6 @@
77 break;
78 }
80 - size_needed = (sizeof (*host_addr)
81 - + sizeof (*h_addr_ptrs) + strlen (name) + 1);
82 -
83 - if (buffer_size == NULL && buflen < size_needed)
84 - {
85 - if (h_errnop != NULL)
86 - *h_errnop = TRY_AGAIN;
87 - __set_errno (ERANGE);
88 - goto done;
89 - }
90 - else if (buffer_size != NULL && *buffer_size < size_needed)
91 - {
92 - char *new_buf;
93 - *buffer_size = size_needed;
94 - new_buf = realloc (*buffer, *buffer_size);
95 -
96 - if (new_buf == NULL)
97 - {
98 - save = errno;
99 - free (*buffer);
100 - __set_errno (save);
101 - *buffer = NULL;
102 - *buffer_size = 0;
103 - *result = NULL;
104 - goto done;
105 - }
106 - *buffer = new_buf;
107 - }
108 -
109 - memset (*buffer, '\0', size_needed);
110 -
111 - host_addr = (host_addr_t *) *buffer;
112 - h_addr_ptrs = (host_addr_list_t *)
113 - ((char *) host_addr + sizeof (*host_addr));
114 - hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
115 -
116 for (cp = name;; ++cp)
117 {
118 if (!*cp)
119 @@ -282,7 +246,9 @@
120 if (inet_pton (AF_INET6, name, host_addr) <= 0)
121 {
122 *h_errnop = HOST_NOT_FOUND;
123 - if (buffer_size)
124 + if (buffer_size == NULL)
125 + *status = NSS_STATUS_NOTFOUND;
126 + else
127 *result = NULL;
128 goto done;
129 }