aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
blob: ba1da67b762581d51c3885643beba59e01e7c377 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
CVE-2014-9402 endless loop in getaddr_r


https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=11e3417af6e354f1942c68a271ae51e892b2814d

Upstream-Status: Backport

Signed-off-by: Armin Kuster <akuster@mvista.com>

From 11e3417af6e354f1942c68a271ae51e892b2814d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 15 Dec 2014 17:41:13 +0100
Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

---
 ChangeLog                    | 6 ++++++
 NEWS                         | 7 +++++--
 resolv/nss_dns/dns-network.c | 4 ++--
 3 files changed, 13 insertions(+), 4 deletions(-)

Index: git/NEWS
===================================================================
--- git.orig/NEWS
+++ git/NEWS
@@ -24,7 +24,10 @@ Version 2.20
   17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
   17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
   17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
-  17625.
+  17625, 17630.
+
+* The nss_dns implementation of getnetbyname could run into an infinite loop
+  if the DNS response contained a PTR record of an unexpected format.
 
 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
   under certain input conditions resulting in the execution of a shell for
Index: git/resolv/nss_dns/dns-network.c
===================================================================
--- git.orig/resolv/nss_dns/dns-network.c
+++ git/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int
 
 	case BYNAME:
 	  {
-	    char **ap = result->n_aliases++;
-	    while (*ap != NULL)
+	    char **ap;
+	    for (ap = result->n_aliases; *ap != NULL; ++ap)
 	      {
 		/* Check each alias name for being of the forms:
 		   4.3.2.1.in-addr.arpa		= net 1.2.3.4
Index: git/ChangeLog
===================================================================
--- git.orig/ChangeLog
+++ git/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+       [BZ #17630]
+       * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+       names.
+
 2014-12-15  Jeff Law  <law@redhat.com>
 
    [BZ #16617]