wok: glibc/stuff/glibc-2.14.1-CVE-2015-0235.patch annotate

wok annotate glibc/stuff/glibc-2.14.1-CVE-2015-0235.patch @ rev 21820

syslinux/kbd: check kbd malloc pointer

author	Pascal Bellard <pascal.bellard@slitaz.org>
date	Sun Aug 25 11:41:26 2019 +0200 (2019-08-25)
parents	705629de834c
children

rev	line source
pascal@17546	1 CVE-2015-0235 GHOST
pascal@17546	2 From https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
pascal@17546	3 --- glibc-2.14.1/nss/digits_dots.c
pascal@17546	4 +++ glibc-2.14.1/nss/digits_dots.c
pascal@17546	5 @@ -47,7 +47,10 @@
pascal@17546	6 {
pascal@17546	7 if (h_errnop)
pascal@17546	8 *h_errnop = NETDB_INTERNAL;
pascal@17546	9 - *result = NULL;
pascal@17546	10 + if (buffer_size == NULL)
pascal@17546	11 + *status = NSS_STATUS_TRYAGAIN;
pascal@17546	12 + else
pascal@17546	13 + *result = NULL;
pascal@17546	14 return -1;
pascal@17546	15 }
pascal@17546	16
pascal@17553	17 @@ -84,14 +87,16 @@
pascal@17553	18 }
pascal@17553	19
pascal@17553	20 size_needed = (sizeof (*host_addr)
pascal@17553	21 - + sizeof (*h_addr_ptrs) + strlen (name) + 1);
pascal@17553	22 + + sizeof (*h_addr_ptrs)
pascal@17553	23 + + sizeof (*h_alias_ptr) + strlen (name) + 1);
pascal@17553	24
pascal@17553	25 if (buffer_size == NULL)
pascal@17546	26 {
pascal@17546	27 if (buflen < size_needed)
pascal@17546	28 {
pascal@17546	29 + *status = NSS_STATUS_TRYAGAIN;
pascal@17546	30 if (h_errnop != NULL)
pascal@17546	31 - *h_errnop = TRY_AGAIN;
pascal@17546	32 + *h_errnop = NETDB_INTERNAL;
pascal@17546	33 __set_errno (ERANGE);
pascal@17546	34 goto done;
pascal@17546	35 }
pascal@17553	36 @@ -110,7 +115,7 @@
pascal@17546	37 *buffer_size = 0;
pascal@17546	38 __set_errno (save);
pascal@17546	39 if (h_errnop != NULL)
pascal@17546	40 - *h_errnop = TRY_AGAIN;
pascal@17546	41 + *h_errnop = NETDB_INTERNAL;
pascal@17546	42 *result = NULL;
pascal@17546	43 goto done;
pascal@17546	44 }
pascal@17553	45 @@ -150,7 +155,9 @@
pascal@17546	46 if (! ok)
pascal@17546	47 {
pascal@17546	48 *h_errnop = HOST_NOT_FOUND;
pascal@17546	49 - if (buffer_size)
pascal@17546	50 + if (buffer_size == NULL)
pascal@17547	51 + *status = NSS_STATUS_NOTFOUND;
pascal@17546	52 + else
pascal@17546	53 *result = NULL;
pascal@17546	54 goto done;
pascal@17546	55 }
pascal@17553	56 @@ -202,15 +209,6 @@
pascal@17546	57
pascal@17546	58 if ((isxdigit (name[0]) && strchr (name, ':') != NULL) \|\| name[0] == ':')
pascal@17546	59 {
pascal@17546	60 - const char *cp;
pascal@17546	61 - char *hostname;
pascal@17546	62 - typedef unsigned char host_addr_t[16];
pascal@17546	63 - host_addr_t *host_addr;
pascal@17546	64 - typedef char *host_addr_list_t[2];
pascal@17546	65 - host_addr_list_t *h_addr_ptrs;
pascal@17546	66 - size_t size_needed;
pascal@17546	67 - int addr_size;
pascal@17546	68 -
pascal@17546	69 switch (af)
pascal@17546	70 {
pascal@17546	71 default:
pascal@17553	72 @@ -226,7 +224,10 @@
pascal@17546	73 /* This is not possible. We cannot represent an IPv6 address
pascal@17546	74 in an `struct in_addr' variable. */
pascal@17546	75 *h_errnop = HOST_NOT_FOUND;
pascal@17546	76 - *result = NULL;
pascal@17546	77 + if (buffer_size == NULL)
pascal@17546	78 + *status = NSS_STATUS_NOTFOUND;
pascal@17546	79 + else
pascal@17546	80 + *result = NULL;
pascal@17546	81 goto done;
pascal@17546	82
pascal@17546	83 case AF_INET6:
pascal@17553	84 @@ -234,42 +235,6 @@
pascal@17546	85 break;
pascal@17546	86 }
pascal@17546	87
pascal@17546	88 - size_needed = (sizeof (*host_addr)
pascal@17546	89 - + sizeof (*h_addr_ptrs) + strlen (name) + 1);
pascal@17546	90 -
pascal@17546	91 - if (buffer_size == NULL && buflen < size_needed)
pascal@17546	92 - {
pascal@17546	93 - if (h_errnop != NULL)
pascal@17546	94 - *h_errnop = TRY_AGAIN;
pascal@17546	95 - __set_errno (ERANGE);
pascal@17546	96 - goto done;
pascal@17546	97 - }
pascal@17546	98 - else if (buffer_size != NULL && *buffer_size < size_needed)
pascal@17546	99 - {
pascal@17546	100 - char *new_buf;
pascal@17546	101 - *buffer_size = size_needed;
pascal@17546	102 - new_buf = realloc (buffer, buffer_size);
pascal@17546	103 -
pascal@17546	104 - if (new_buf == NULL)
pascal@17546	105 - {
pascal@17546	106 - save = errno;
pascal@17546	107 - free (*buffer);
pascal@17546	108 - __set_errno (save);
pascal@17546	109 - *buffer = NULL;
pascal@17546	110 - *buffer_size = 0;
pascal@17546	111 - *result = NULL;
pascal@17546	112 - goto done;
pascal@17546	113 - }
pascal@17546	114 - *buffer = new_buf;
pascal@17546	115 - }
pascal@17546	116 -
pascal@17546	117 - memset (*buffer, '\0', size_needed);
pascal@17546	118 -
pascal@17546	119 - host_addr = (host_addr_t ) buffer;
pascal@17546	120 - h_addr_ptrs = (host_addr_list_t *)
pascal@17546	121 - ((char ) host_addr + sizeof (host_addr));
pascal@17546	122 - hostname = (char ) h_addr_ptrs + sizeof (h_addr_ptrs);
pascal@17546	123 -
pascal@17546	124 for (cp = name;; ++cp)
pascal@17546	125 {
pascal@17546	126 if (!*cp)
pascal@17553	127 @@ -282,7 +247,9 @@
pascal@17546	128 if (inet_pton (AF_INET6, name, host_addr) <= 0)
pascal@17546	129 {
pascal@17546	130 *h_errnop = HOST_NOT_FOUND;
pascal@17546	131 - if (buffer_size)
pascal@17546	132 + if (buffer_size == NULL)
pascal@17547	133 + *status = NSS_STATUS_NOTFOUND;
pascal@17546	134 + else
pascal@17546	135 *result = NULL;
pascal@17546	136 goto done;
pascal@17546	137 }
pascal@17553	138 --- glibc-2.14.1/nss/getXXbyYY_r.c
pascal@17553	139 +++ glibc-2.14.1/nss/getXXbyYY_r.c
pascal@17553	140 @@ -180,6 +180,9 @@
pascal@17553	141 case -1:
pascal@17553	142 return errno;
pascal@17553	143 case 1:
pascal@17553	144 +#ifdef NEED_H_ERRNO
pascal@17553	145 + any_service = true;
pascal@17553	146 +#endif
pascal@17553	147 goto done;
pascal@17553	148 }
pascal@17553	149 #endif

SliTaz Repositories

wok annotate glibc/stuff/glibc-2.14.1-CVE-2015-0235.patch @ rev 21820