summaryrefslogtreecommitdiffstats
path: root/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/glibc/glibc-2.17_CVE-2013-4458.diff')
-rw-r--r--patches/source/glibc/glibc-2.17_CVE-2013-4458.diff52
1 files changed, 52 insertions, 0 deletions
diff --git a/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff b/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff
new file mode 100644
index 000000000..7ed5789f2
--- /dev/null
+++ b/patches/source/glibc/glibc-2.17_CVE-2013-4458.diff
@@ -0,0 +1,52 @@
+From f17988489a32f6c1308474bd7b408299646e0777 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Fri, 25 Oct 2013
+Subject: CVE-2013-4458
+
+Stack overflow in getaddrinfo (AF_INET6 case) with many
+results has been fixed. Different from CVE-2013-1914.
+
+---
+This patch was adapted for glibc 2.17 based on:
+https://sourceware.org/git/?p=glibc.git;a=commit;h=7cbcdb369958
+---
+
+ getaddrinfo.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -196,7 +196,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ &rc, &herrno, NULL, &localcanon)); \
+ if (rc != ERANGE || herrno != NETDB_INTERNAL) \
+ break; \
+- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \
++ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \
++ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \
++ alloca_used); \
++ else \
++ { \
++ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \
++ 2 * tmpbuflen); \
++ if (newp == NULL) \
++ { \
++ result = -EAI_MEMORY; \
++ goto free_and_return; \
++ } \
++ tmpbuf = newp; \
++ malloc_tmpbuf = true; \
++ tmpbuflen = 2 * tmpbuflen; \
++ } \
+ } \
+ if (status == NSS_STATUS_SUCCESS && rc == 0) \
+ h = &th; \
+@@ -208,7 +223,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ { \
+ __set_h_errno (herrno); \
+ _res.options |= old_res_options & RES_USE_INET6; \
+- return -EAI_SYSTEM; \
++ result = -EAI_SYSTEM; \
++ goto free_and_return; \
+ } \
+ if (herrno == TRY_AGAIN) \
+ no_data = EAI_AGAIN; \