glibc: Fix CVE-2013-7423 and CVE-2015-1781

CVE-2013-7423: Fix invalid file descriptor reuse while sending DNS query
CVE-2015-1781: Fix buffer overflow in gethostbyname_r with misaligned buffer
Michael Tremer
2015-04-27 21:17:17 +02:00
parent ffe32bf7ae
commit 30ca037fb3
5 changed files with 49 additions and 0 deletions


@@ -0,0 +1 @@
../../../../common/armv5tel/glibc


@@ -0,0 +1 @@
../../../../common/i586/glibc


@@ -283,6 +283,8 @@ endif
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1154563.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1170121.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch


@@ -0,0 +1,27 @@
#
# Based on the following commit:
#
# commit f9d2d03254a58d92635a311a42253eeed5a40a47
# Author: Andreas Schwab <schwab@suse.de>
# Date: Mon May 26 18:01:31 2014 +0200
#
# Fix invalid file descriptor reuse while sending DNS query (BZ #15946)
#
# 2014-06-03 Andreas Schwab <schwab@suse.de>
#
# [BZ #15946]
# * resolv/res_send.c (send_dg): Reload file descriptor after
# calling reopen.
#
diff --git a/resolv/res_send.c b/resolv/res_send.c
index 3273d55..af42b8a 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -1410,6 +1410,7 @@ send_dg(res_state statp,
retval = reopen (statp, terrno, ns);
if (retval <= 0)
return retval;
+ pfd[0].fd = EXT(statp).nssocks[ns];
}
}
goto wait;
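Review bot: The header of this patch file cites the upstream commit and BZ #15946 but never names CVE-2013-7423, which the commit message attaches to this fix, so a later audit of the patch directory cannot match the file to the advisory without consulting the git log. A header line such as `# CVE-2013-7423: invalid file descriptor reuse while sending DNS query` would close that gap; the second patch file in this commit (the getanswer_r change) lacks its CVE-2015-1781 reference in the same way. The one added line, `pfd[0].fd = EXT(statp).nssocks[ns];`, sits inside send_dg, whose body starts and ends outside the hunk, so whether any other cached copy of the descriptor survives the reopen call cannot be checked from here.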


@@ -0,0 +1,18 @@
@@ -, +, @@
resolv/nss_dns/dns-host.c:getanswer_r.
---
resolv/nss_dns/dns-host.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/resolv/nss_dns/dns-host.c
+++ a/resolv/nss_dns/dns-host.c
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
int have_to_map = 0;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
buffer += pad;
- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
+ buflen = buflen > pad ? buflen - pad : 0;
+ if (__builtin_expect (buflen < sizeof (struct host_data), 0))
{
/* The buffer is too small. */
too_small:
--
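Review bot: This patch file carries no provenance: its header is a placeholder `@@ -, +, @@` line followed by the tail of a subject line (`resolv/nss_dns/dns-host.c:getanswer_r.`), with no upstream commit id, author, date or bug reference, unlike the res_send.c patch added beside it. Restoring a header in the same style, e.g. `# Based on upstream commit <upstream commit id>` plus the original subject, would let the backport be compared against its source. The new-file label reads `+++ a/resolv/nss_dns/dns-host.c` where `+++ b/...` is conventional; this looks harmless with `patch -Np1`, which strips the first path component either way, but it suggests the file was edited by hand. The changed lines clamp `buflen` by `pad` before the size check; getanswer_r continues outside the hunk, so the later uses of `buflen` that depend on the reduced value are not visible here.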