File glibc-fix-CVE-2015-0235.patch of Package glibc
From d5dd6189d506068ed11c8bfa1e1e9bffde04decd Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Mon, 21 Jan 2013 17:41:28 +0100
Subject: [PATCH] Fix parsing of numeric hosts in gethostbyname_r
---
ChangeLog | 14 ++++++++++
NEWS | 12 ++++-----
nss/Makefile | 2 +-
nss/digits_dots.c | 73 ++++++++++++++------------------------------------
nss/getXXbyYY_r.c | 5 +++-
nss/test-digits-dots.c | 38 ++++++++++++++++++++++++++
6 files changed, 83 insertions(+), 61 deletions(-)
create mode 100644 nss/test-digits-dots.c
Index: glibc-2.10.1/nss/Makefile
===================================================================
--- glibc-2.10.1.orig/nss/Makefile
+++ glibc-2.10.1/nss/Makefile
@@ -39,7 +39,7 @@ databases = proto service hosts network
others := getent
install-bin := getent
-tests = test-netdb
+tests = test-netdb test-digits-dots
xtests = bug-erange
include ../Makeconfig
Index: glibc-2.10.1/nss/digits_dots.c
===================================================================
--- glibc-2.10.1.orig/nss/digits_dots.c
+++ glibc-2.10.1/nss/digits_dots.c
@@ -47,7 +47,10 @@ __nss_hostname_digits_dots (const char *
{
if (h_errnop)
*h_errnop = NETDB_INTERNAL;
- *result = NULL;
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_TRYAGAIN;
+ else
+ *result = NULL;
return -1;
}
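Review bot: The added `*status = NSS_STATUS_TRYAGAIN;` writes through `status` without a check, so the function now relies on an unstated pairing: a NULL `buffer_size` means `status` is valid, anything else means `result` is valid. The same pairing is repeated in the hunks at -150, -226 and -282 of this file. A comment at the top of the function would make that contract reviewable, for example `/* When BUFFER_SIZE is NULL the caller must pass a valid STATUS; otherwise it must pass a valid RESULT.  */`. The callers and the start of the function body are outside this hunk, so confirm the wording against them.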
@@ -84,14 +87,16 @@ __nss_hostname_digits_dots (const char *
}
size_needed = (sizeof (*host_addr)
- + sizeof (*h_addr_ptrs) + strlen (name) + 1);
+ + sizeof (*h_addr_ptrs)
+ + sizeof (*h_alias_ptr) + strlen (name) + 1);
if (buffer_size == NULL)
{
if (buflen < size_needed)
{
+ *status = NSS_STATUS_TRYAGAIN;
if (h_errnop != NULL)
- *h_errnop = TRY_AGAIN;
+ *h_errnop = NETDB_INTERNAL;
__set_errno (ERANGE);
goto done;
}
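Review bot: The `size_needed` expression is what bounds the later writes into the caller-supplied buffer, yet nothing beside it says which objects it must account for, so an omission like the `sizeof (*h_alias_ptr)` term added here is easy to repeat. I would put a comment above the expression, such as `/* Must cover every object carved out of the buffer below: host_addr, h_addr_ptrs, h_alias_ptr and the NUL-terminated copy of NAME.  */`. The code that lays those objects out in the buffer is outside this hunk, so the list should be checked against it. Since the duplicate computation in the IPv6 branch is removed further down, this is now the only size check for both address families.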
@@ -110,7 +115,7 @@ __nss_hostname_digits_dots (const char *
*buffer_size = 0;
__set_errno (save);
if (h_errnop != NULL)
- *h_errnop = TRY_AGAIN;
+ *h_errnop = NETDB_INTERNAL;
*result = NULL;
goto done;
}
@@ -150,7 +155,9 @@ __nss_hostname_digits_dots (const char *
if (! ok)
{
*h_errnop = HOST_NOT_FOUND;
- if (buffer_size)
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_NOTFOUND;
+ else
*result = NULL;
goto done;
}
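Review bot: `*h_errnop = HOST_NOT_FOUND;` directly above the new branch dereferences `h_errnop` unconditionally, while the error paths in the earlier hunks of this file test it for NULL first (`if (h_errnop != NULL)`). Either the pointer can be NULL, in which case this path and the identical ones in the hunks at -226 and -282 need `if (h_errnop != NULL) *h_errnop = HOST_NOT_FOUND;`, or it never is and the guards elsewhere are dead code. The callers are not visible here, so I cannot tell which holds, but the function should settle on one convention.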
@@ -191,7 +198,7 @@ __nss_hostname_digits_dots (const char *
if (buffer_size == NULL)
*status = NSS_STATUS_SUCCESS;
else
- *result = resbuf;
+ *result = resbuf;
goto done;
}
@@ -202,15 +209,6 @@ __nss_hostname_digits_dots (const char *
if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
{
- const char *cp;
- char *hostname;
- typedef unsigned char host_addr_t[16];
- host_addr_t *host_addr;
- typedef char *host_addr_list_t[2];
- host_addr_list_t *h_addr_ptrs;
- size_t size_needed;
- int addr_size;
-
switch (af)
{
default:
@@ -226,7 +224,10 @@ __nss_hostname_digits_dots (const char *
/* This is not possible. We cannot represent an IPv6 address
in an `struct in_addr' variable. */
*h_errnop = HOST_NOT_FOUND;
- *result = NULL;
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_NOTFOUND;
+ else
+ *result = NULL;
goto done;
case AF_INET6:
@@ -234,42 +235,6 @@ __nss_hostname_digits_dots (const char *
break;
}
- size_needed = (sizeof (*host_addr)
- + sizeof (*h_addr_ptrs) + strlen (name) + 1);
-
- if (buffer_size == NULL && buflen < size_needed)
- {
- if (h_errnop != NULL)
- *h_errnop = TRY_AGAIN;
- __set_errno (ERANGE);
- goto done;
- }
- else if (buffer_size != NULL && *buffer_size < size_needed)
- {
- char *new_buf;
- *buffer_size = size_needed;
- new_buf = realloc (*buffer, *buffer_size);
-
- if (new_buf == NULL)
- {
- save = errno;
- free (*buffer);
- __set_errno (save);
- *buffer = NULL;
- *buffer_size = 0;
- *result = NULL;
- goto done;
- }
- *buffer = new_buf;
- }
-
- memset (*buffer, '\0', size_needed);
-
- host_addr = (host_addr_t *) *buffer;
- h_addr_ptrs = (host_addr_list_t *)
- ((char *) host_addr + sizeof (*host_addr));
- hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
-
for (cp = name;; ++cp)
{
if (!*cp)
@@ -282,7 +247,9 @@ __nss_hostname_digits_dots (const char *
if (inet_pton (AF_INET6, name, host_addr) <= 0)
{
*h_errnop = HOST_NOT_FOUND;
- if (buffer_size)
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_NOTFOUND;
+ else
*result = NULL;
goto done;
}
Index: glibc-2.10.1/nss/getXXbyYY_r.c
===================================================================
--- glibc-2.10.1.orig/nss/getXXbyYY_r.c
+++ glibc-2.10.1/nss/getXXbyYY_r.c
@@ -178,6 +178,9 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, L
case -1:
return errno;
case 1:
+#ifdef NEED_H_ERRNO
+ any_service = true;
+#endif
goto done;
}
#endif
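Review bot: The new `any_service = true;` in `case 1:` has no comment, and its effect depends on code after the `done:` label that is outside this hunk. Presumably the h_errno fix-up there treats `!any_service` as "no service could be used" and would overwrite the value set by the numeric-host shortcut; please confirm. A one-line comment would keep the assignment from looking spurious, for example `/* The digits-dots shortcut handled the request; keep the h_errno it set.  */`.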
Index: glibc-2.10.1/nss/test-digits-dots.c
===================================================================
--- /dev/null
+++ glibc-2.10.1/nss/test-digits-dots.c
@@ -0,0 +1,38 @@
+/* Copyright (C) 2013 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+/* Testcase for BZ #15014 */
+
+#include <stdlib.h>
+#include <netdb.h>
+#include <errno.h>
+
+static int
+do_test (void)
+{
+ char buf[32];
+ struct hostent *result = NULL;
+ struct hostent ret;
+ int h_err = 0;
+ int err;
+
+ err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
+ return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
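Review bot: `do_test` makes a single call with `char buf[32]`, which appears to be smaller than the required size both with and without the `sizeof (*h_alias_ptr)` term added in nss/digits_dots.c. It therefore pins the `ERANGE` / `NETDB_INTERNAL` reporting but not the corrected size calculation. A second case whose buffer is one byte short of the new `size_needed` for the same name, still expecting `ERANGE`, would fail on the old arithmetic and guard against regressions. The IPv6 branch now shares that sizing code, so a numeric IPv6 name through `gethostbyname2_r` with `AF_INET6` deserves the same pair of checks. It would also help to assert `result == NULL` on the failure path, for example `return err == ERANGE && h_err == NETDB_INTERNAL && result == NULL ? EXIT_SUCCESS : EXIT_FAILURE;`, assuming the wrapper clears `result` on error.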