diff options
Diffstat (limited to '')
-rw-r--r-- | patches/source/glibc/glibc-2.17_CVE-2013-4458.diff | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff b/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff new file mode 100644 index 000000000..7ed5789f2 --- /dev/null +++ b/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff @@ -0,0 +1,52 @@ +From f17988489a32f6c1308474bd7b408299646e0777 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Fri, 25 Oct 2013 +Subject: CVE-2013-4458 + +Stack overflow in getaddrinfo (AF_INET6 case) with many +results has been fixed. Different from CVE-2013-1914. + +--- +This patch was adapted for glibc 2.17 based on: +https://sourceware.org/git/?p=glibc.git;a=commit;h=7cbcdb369958 +--- + + getaddrinfo.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -196,7 +196,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + &rc, &herrno, NULL, &localcanon)); \ + if (rc != ERANGE || herrno != NETDB_INTERNAL) \ + break; \ +- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \ ++ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \ ++ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \ ++ alloca_used); \ ++ else \ ++ { \ ++ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \ ++ 2 * tmpbuflen); \ ++ if (newp == NULL) \ ++ { \ ++ result = -EAI_MEMORY; \ ++ goto free_and_return; \ ++ } \ ++ tmpbuf = newp; \ ++ malloc_tmpbuf = true; \ ++ tmpbuflen = 2 * tmpbuflen; \ ++ } \ + } \ + if (status == NSS_STATUS_SUCCESS && rc == 0) \ + h = &th; \ +@@ -208,7 +223,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + { \ + __set_h_errno (herrno); \ + _res.options |= old_res_options & RES_USE_INET6; \ +- return -EAI_SYSTEM; \ ++ result = -EAI_SYSTEM; \ ++ goto free_and_return; \ + } \ + if (herrno == TRY_AGAIN) \ + no_data = EAI_AGAIN; \ |