| -rw-r--r-- | multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch | 253 | ||||
| -rw-r--r-- | multitech/recipes/eglibc/eglibc-initial_2.12.bbappend | 6 | ||||
| -rw-r--r-- | multitech/recipes/eglibc/eglibc_2.12.bbappend | 6 | 
3 files changed, 265 insertions, 0 deletions
|
diff --git a/multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch b/multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch
new file mode 100644
index 0000000..2d9954f
--- /dev/null
+++ b/multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch
@@ -0,0 +1,253 @@
+The following was taken from Ubuntu 12.04 eglibc-2.15 source and the Makefile patch was
+slightly modified to work against eglibc 2.12.
+
+From: Andreas Schwab <schwab@suse.de>
+Date: Mon, 21 Jan 2013 16:41:28 +0000 (+0100)
+Subject: Fix parsing of numeric hosts in gethostbyname_r
+X-Git-Tag: glibc-2.18~221
+X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
+
+Fix parsing of numeric hosts in gethostbyname_r
+
+2013-05-21  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #15014]
+	* nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME))
+	[HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was
+	successful.
+	* nss/digits_dots.c (__nss_hostname_digits_dots): Remove
+	redundant variable declarations and reallocation of buffer when
+	parsing as IPv6 address.  Always set NSS status when called from
+	reentrant functions.  Use NETDB_INTERNAL instead of TRY_AGAIN when
+	buffer too small.  Correct computation of needed size.
+	* nss/Makefile (tests): Add test-digits-dots.
+	* nss/test-digits-dots.c: New test.
+
+CVE-2015-0235
+
+(Ubuntu note: patch differs from upstream commit in that it drops
+the changelog and NEWS entries as well as the whitespace only change to
+nss/getXXbyYY_r.c to reduce patch conflicts. --sbeattie)
+
+---
+ nss/Makefile           |    2 -
+ nss/digits_dots.c      |   73 +++++++++++++------------------------------------
+ nss/getXXbyYY_r.c      |    3 ++
+ nss/test-digits-dots.c |   38 +++++++++++++++++++++++++
+ 4 files changed, 62 insertions(+), 54 deletions(-)
+
+Index: libc/nss/digits_dots.c
+===================================================================
+--- libc.orig/nss/digits_dots.c	2010-11-16 12:47:37.000000000 -0600
++++ libc/nss/digits_dots.c	2015-01-28 14:09:33.942597967 -0600
+@@ -47,7 +47,10 @@
+     {
+       if (h_errnop)
+ 	*h_errnop = NETDB_INTERNAL;
+-      *result = NULL;
++      if (buffer_size == NULL)
++	*status = NSS_STATUS_TRYAGAIN;
++      else
++	*result = NULL;
+       return -1;
+     }
+ 
+@@ -84,14 +87,16 @@
+ 	}
+ 
+       size_needed = (sizeof (*host_addr)
+-		     + sizeof (*h_addr_ptrs) + strlen (name) + 1);
++		     + sizeof (*h_addr_ptrs)
++		     + sizeof (*h_alias_ptr) + strlen (name) + 1);
+ 
+       if (buffer_size == NULL)
+         {
+ 	  if (buflen < size_needed)
+ 	    {
++	      *status = NSS_STATUS_TRYAGAIN;
+ 	      if (h_errnop != NULL)
+-		*h_errnop = TRY_AGAIN;
++		*h_errnop = NETDB_INTERNAL;
+ 	      __set_errno (ERANGE);
+ 	      goto done;
+ 	    }
+@@ -110,7 +115,7 @@
+ 	      *buffer_size = 0;
+ 	      __set_errno (save);
+ 	      if (h_errnop != NULL)
+-		*h_errnop = TRY_AGAIN;
++		*h_errnop = NETDB_INTERNAL;
+ 	      *result = NULL;
+ 	      goto done;
+ 	    }
+@@ -150,7 +155,9 @@
+ 		  if (! ok)
+ 		    {
+ 		      *h_errnop = HOST_NOT_FOUND;
+-		      if (buffer_size)
++		      if (buffer_size == NULL)
++			*status = NSS_STATUS_NOTFOUND;
++		      else
+ 			*result = NULL;
+ 		      goto done;
+ 		    }
+@@ -191,7 +198,7 @@
+ 		  if (buffer_size == NULL)
+ 		    *status = NSS_STATUS_SUCCESS;
+ 		  else
+-		   *result = resbuf;
++		    *result = resbuf;
+ 		  goto done;
+ 		}
+ 
+@@ -202,15 +209,6 @@
+ 
+       if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
+ 	{
+-	  const char *cp;
+-	  char *hostname;
+-	  typedef unsigned char host_addr_t[16];
+-	  host_addr_t *host_addr;
+-	  typedef char *host_addr_list_t[2];
+-	  host_addr_list_t *h_addr_ptrs;
+-	  size_t size_needed;
+-	  int addr_size;
+-
+ 	  switch (af)
+ 	    {
+ 	    default:
+@@ -226,7 +224,10 @@
+ 	      /* This is not possible.  We cannot represent an IPv6 address
+ 		 in an `struct in_addr' variable.  */
+ 	      *h_errnop = HOST_NOT_FOUND;
+-	      *result = NULL;
++	      if (buffer_size == NULL)
++		*status = NSS_STATUS_NOTFOUND;
++	      else
++		*result = NULL;
+ 	      goto done;
+ 
+ 	    case AF_INET6:
+@@ -234,42 +235,6 @@
+ 	      break;
+ 	    }
+ 
+-	  size_needed = (sizeof (*host_addr)
+-			 + sizeof (*h_addr_ptrs) + strlen (name) + 1);
+-
+-	  if (buffer_size == NULL && buflen < size_needed)
+-	    {
+-	      if (h_errnop != NULL)
+-		*h_errnop = TRY_AGAIN;
+-	      __set_errno (ERANGE);
+-	      goto done;
+-	    }
+-	  else if (buffer_size != NULL && *buffer_size < size_needed)
+-	    {
+-	      char *new_buf;
+-	      *buffer_size = size_needed;
+-	      new_buf = realloc (*buffer, *buffer_size);
+-
+-	      if (new_buf == NULL)
+-		{
+-		  save = errno;
+-		  free (*buffer);
+-		  __set_errno (save);
+-		  *buffer = NULL;
+-		  *buffer_size = 0;
+-		  *result = NULL;
+-		  goto done;
+-		}
+-	      *buffer = new_buf;
+-	    }
+-
+-	  memset (*buffer, '\0', size_needed);
+-
+-	  host_addr = (host_addr_t *) *buffer;
+-	  h_addr_ptrs = (host_addr_list_t *)
+-	    ((char *) host_addr + sizeof (*host_addr));
+-	  hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
+-
+ 	  for (cp = name;; ++cp)
+ 	    {
+ 	      if (!*cp)
+@@ -282,7 +247,9 @@
+ 		  if (inet_pton (AF_INET6, name, host_addr) <= 0)
+ 		    {
+ 		      *h_errnop = HOST_NOT_FOUND;
+-		      if (buffer_size)
++		      if (buffer_size == NULL)
++			*status = NSS_STATUS_NOTFOUND;
++		      else
+ 			*result = NULL;
+ 		      goto done;
+ 		    }
+Index: libc/nss/getXXbyYY_r.c
+===================================================================
+--- libc.orig/nss/getXXbyYY_r.c	2010-11-16 12:47:37.000000000 -0600
++++ libc/nss/getXXbyYY_r.c	2015-01-28 14:09:33.942597967 -0600
+@@ -178,6 +178,9 @@
+     case -1:
+       return errno;
+     case 1:
++#ifdef NEED_H_ERRNO
++      any_service = true;
++#endif
+       goto done;
+     }
+ #endif
+Index: libc/nss/test-digits-dots.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ libc/nss/test-digits-dots.c	2015-01-28 14:09:33.978597382 -0600
+@@ -0,0 +1,38 @@
++/* Copyright (C) 2013 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++/* Testcase for BZ #15014 */
++
++#include <stdlib.h>
++#include <netdb.h>
++#include <errno.h>
++
++static int
++do_test (void)
++{
++  char buf[32];
++  struct hostent *result = NULL;
++  struct hostent ret;
++  int h_err = 0;
++  int err;
++
++  err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
++  return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+Index: libc/nss/Makefile
+===================================================================
+--- libc.orig/nss/Makefile	2015-01-28 14:09:26.000000000 -0600
++++ libc/nss/Makefile	2015-01-28 14:10:37.181572603 -0600
+@@ -46,6 +46,7 @@
+ others                  := getent
+ install-bin             := getent
+ 
++tests			= test-digits-dots
+ tests-$(OPTION_EGLIBC_INET) += test-netdb
+ xtests-$(OPTION_EGLIBC_INET) += bug-erange
+ 
diff --git a/multitech/recipes/eglibc/eglibc-initial_2.12.bbappend b/multitech/recipes/eglibc/eglibc-initial_2.12.bbappend
new file mode 100644
index 0000000..4e65e80
--- /dev/null
+++ b/multitech/recipes/eglibc/eglibc-initial_2.12.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRA := "${THISDIR}"
+FILESPATHBASE =. "${FILESEXTRA}:"
+
+# patch for eglibc GHOST vulnerability
+SRC_URI += "file://eglibc-CVE-2015-0235.patch"
+PR .= ".corecdp1"
diff --git a/multitech/recipes/eglibc/eglibc_2.12.bbappend b/multitech/recipes/eglibc/eglibc_2.12.bbappend
new file mode 100644
index 0000000..4e65e80
--- /dev/null
+++ b/multitech/recipes/eglibc/eglibc_2.12.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRA := "${THISDIR}"
+FILESPATHBASE =. "${FILESEXTRA}:"
+
+# patch for eglibc GHOST vulnerability
+SRC_URI += "file://eglibc-CVE-2015-0235.patch"
+PR .= ".corecdp1"
|
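Review bot: The nss/Makefile section at the end of the embedded patch adds `tests = test-digits-dots` unconditionally and with a plain `=`, while the two context lines directly below it gate their tests through `tests-$(OPTION_EGLIBC_INET) +=`. The new test calls `gethostbyname_r`, so it looks like it belongs under the same option group, and a plain assignment would also replace any `tests` value set earlier in the file (the rest of nss/Makefile is outside the hunk, so this is inferred). `tests-$(OPTION_EGLIBC_INET) += test-digits-dots` would match the neighbouring lines. The patch header says the Makefile part was modified from the Ubuntu version, so it would help to state there what was changed and why.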
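Review bot: `eglibc-initial_2.12.bbappend` and `eglibc_2.12.bbappend` are byte-identical (both show blob `4e65e80`), so every later security patch has to be added in two places and the bootstrap and final libc recipes can drift apart unnoticed. Consider moving the four assignments into one shared include that both bbappends `require`. The comment could also carry the identifier and origin, e.g. `# CVE-2015-0235 (GHOST): backport of glibc commit d5dd6189 via Ubuntu 12.04 eglibc-2.15`, so the patch is easy to find and drop when the recipe is upgraded.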
