wok-current rev 17546

glibc: CVE-2015-0235 fix
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Jan 29 11:14:15 2015 +0100 (2015-01-29)
parents 30d223dc104f
children 45fa4cc38520
files glibc/receipt glibc/stuff/glibc-2.14.1-CVE-2015-0235.patch
line diff
     1.1 --- a/glibc/receipt	Tue Jan 27 17:35:53 2015 +0100
     1.2 +++ b/glibc/receipt	Thu Jan 29 11:14:15 2015 +0100
     1.3 @@ -26,7 +26,9 @@
     1.4  	# Glibc Bug Sort Relocatable Objects Patch
     1.5  	patch -Np1 -i $stuff/glibc-2.14.1-sort-1.patch
     1.6  	# Fix a bug that prevents Glibc from building with GCC-4.6.2
     1.7 -	patch -Np1 -i stuff/glibc-2.14.1-gcc_fix-1.patch
     1.8 +	patch -Np1 -i $stuff/glibc-2.14.1-gcc_fix-1.patch
     1.9 +	# GHOST
    1.10 +	patch -Np1 -i $stuff/glibc-2.14.1-CVE-2015-0235.patch
    1.11  
    1.12  	# Build in a separate directory.
    1.13  	mkdir ../glibc-build && cd ../glibc-build
    1.14 @@ -92,6 +94,8 @@
    1.15  	patch -Np1 -i $stuff/glibc-2.14-reexport-rpc-interface.patch
    1.16  	# http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=bdd816a3 (only fedora branch...)
    1.17  	patch -Np1 -i $stuff/glibc-2.14-reinstall-nis-rpc-headers.patch
    1.18 +	# GHOST
    1.19 +	patch -Np1 -i $stuff/glibc-2.14.1-CVE-2015-0235.patch
    1.20  
    1.21  	# Fix a stack imbalance that occurs under some conditions:
    1.22  	sed -i '195,213 s/PRIVATE_FUTEX/FUTEX_CLOCK_REALTIME/' \
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/glibc/stuff/glibc-2.14.1-CVE-2015-0235.patch	Thu Jan 29 11:14:15 2015 +0100
     2.3 @@ -0,0 +1,137 @@
     2.4 +CVE-2015-0235 GHOST
     2.5 +From https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
     2.6 +--- glibc-2.14.1/nss/digits_dots.c
     2.7 ++++ glibc-2.14.1/nss/digits_dots.c
     2.8 +@@ -47,7 +47,10 @@
     2.9 +     {
    2.10 +       if (h_errnop)
    2.11 + 	*h_errnop = NETDB_INTERNAL;
    2.12 +-      *result = NULL;
    2.13 ++      if (buffer_size == NULL)
    2.14 ++        *status = NSS_STATUS_TRYAGAIN;
    2.15 ++      else
    2.16 ++        *result = NULL;
    2.17 +       return -1;
    2.18 +     }
    2.19 + 
    2.20 +@@ -84,14 +87,16 @@
    2.21 + 	}
    2.22 + 
    2.23 +       size_needed = (sizeof (*host_addr)
    2.24 +-		     + sizeof (*h_addr_ptrs) + strlen (name) + 1);
    2.25 ++		     sizeof (*h_addr_ptrs)
    2.26 ++		     + sizeof (*h_allias_ptr) + strlen (name) + 1);
    2.27 + 
    2.28 +       if (buffer_size == NULL)
    2.29 +         {
    2.30 + 	  if (buflen < size_needed)
    2.31 + 	    {
    2.32 ++	      *status = NSS_STATUS_TRYAGAIN;
    2.33 + 	      if (h_errnop != NULL)
    2.34 +-		*h_errnop = TRY_AGAIN;
    2.35 ++		*h_errnop = NETDB_INTERNAL;
    2.36 + 	      __set_errno (ERANGE);
    2.37 + 	      goto done;
    2.38 + 	    }
    2.39 +@@ -110,7 +115,7 @@
    2.40 + 	      *buffer_size = 0;
    2.41 + 	      __set_errno (save);
    2.42 + 	      if (h_errnop != NULL)
    2.43 +-		*h_errnop = TRY_AGAIN;
    2.44 ++		*h_errnop = NETDB_INTERNAL;
    2.45 + 	      *result = NULL;
    2.46 + 	      goto done;
    2.47 + 	    }
    2.48 +@@ -150,7 +155,9 @@
    2.49 + 		  if (! ok)
    2.50 + 		    {
    2.51 + 		      *h_errnop = HOST_NOT_FOUND;
    2.52 +-		      if (buffer_size)
    2.53 ++		      if (buffer_size == NULL)
    2.54 ++		        *status = NSS_STATUS_NOTFOUND:
    2.55 ++		      else
    2.56 + 			*result = NULL;
    2.57 + 		      goto done;
    2.58 + 		    }
    2.59 +@@ -202,15 +209,6 @@
    2.60 + 
    2.61 +       if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
    2.62 + 	{
    2.63 +-	  const char *cp;
    2.64 +-	  char *hostname;
    2.65 +-	  typedef unsigned char host_addr_t[16];
    2.66 +-	  host_addr_t *host_addr;
    2.67 +-	  typedef char *host_addr_list_t[2];
    2.68 +-	  host_addr_list_t *h_addr_ptrs;
    2.69 +-	  size_t size_needed;
    2.70 +-	  int addr_size;
    2.71 +-
    2.72 + 	  switch (af)
    2.73 + 	    {
    2.74 + 	    default:
    2.75 +@@ -226,7 +224,10 @@
    2.76 + 	      /* This is not possible.  We cannot represent an IPv6 address
    2.77 + 		 in an `struct in_addr' variable.  */
    2.78 + 	      *h_errnop = HOST_NOT_FOUND;
    2.79 +-	      *result = NULL;
    2.80 ++	      if (buffer_size == NULL)
    2.81 ++	        *status = NSS_STATUS_NOTFOUND;
    2.82 ++	      else
    2.83 ++	        *result = NULL;
    2.84 + 	      goto done;
    2.85 + 
    2.86 + 	    case AF_INET6:
    2.87 +@@ -234,42 +235,6 @@
    2.88 + 	      break;
    2.89 + 	    }
    2.90 + 
    2.91 +-	  size_needed = (sizeof (*host_addr)
    2.92 +-			 + sizeof (*h_addr_ptrs) + strlen (name) + 1);
    2.93 +-
    2.94 +-	  if (buffer_size == NULL && buflen < size_needed)
    2.95 +-	    {
    2.96 +-	      if (h_errnop != NULL)
    2.97 +-		*h_errnop = TRY_AGAIN;
    2.98 +-	      __set_errno (ERANGE);
    2.99 +-	      goto done;
   2.100 +-	    }
   2.101 +-	  else if (buffer_size != NULL && *buffer_size < size_needed)
   2.102 +-	    {
   2.103 +-	      char *new_buf;
   2.104 +-	      *buffer_size = size_needed;
   2.105 +-	      new_buf = realloc (*buffer, *buffer_size);
   2.106 +-
   2.107 +-	      if (new_buf == NULL)
   2.108 +-		{
   2.109 +-		  save = errno;
   2.110 +-		  free (*buffer);
   2.111 +-		  __set_errno (save);
   2.112 +-		  *buffer = NULL;
   2.113 +-		  *buffer_size = 0;
   2.114 +-		  *result = NULL;
   2.115 +-		  goto done;
   2.116 +-		}
   2.117 +-	      *buffer = new_buf;
   2.118 +-	    }
   2.119 +-
   2.120 +-	  memset (*buffer, '\0', size_needed);
   2.121 +-
   2.122 +-	  host_addr = (host_addr_t *) *buffer;
   2.123 +-	  h_addr_ptrs = (host_addr_list_t *)
   2.124 +-	    ((char *) host_addr + sizeof (*host_addr));
   2.125 +-	  hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
   2.126 +-
   2.127 + 	  for (cp = name;; ++cp)
   2.128 + 	    {
   2.129 + 	      if (!*cp)
   2.130 +@@ -282,7 +247,9 @@
   2.131 + 		  if (inet_pton (AF_INET6, name, host_addr) <= 0)
   2.132 + 		    {
   2.133 + 		      *h_errnop = HOST_NOT_FOUND;
   2.134 +-		      if (buffer_size)
   2.135 ++		      if (buffer_size == NULL)
   2.136 ++		        *status = NSS_STATUS_NOTFOUND:
   2.137 ++		      else
   2.138 + 			*result = NULL;
   2.139 + 		      goto done;
   2.140 + 		    }