wok view glibc/stuff/glibc-2.14.1-CVE-2015-0235.patch @ rev 21820

syslinux/kbd: check kbd malloc pointer
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Aug 25 11:41:26 2019 +0200 (2019-08-25)
parents 705629de834c
1 CVE-2015-0235 GHOST
2 From https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
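--- a/glibc-2.14.1/nss/digits_dots.c
+++ b/glibc-2.14.1/nss/digits_dots.c
@@ -47,7 +47,10 @@
 {
 if (h_errnop)
 *h_errnop = NETDB_INTERNAL;
- *result = NULL;
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_TRYAGAIN;
+ else
+ *result = NULL;
 return -1;
 }
@@ -84,14 +87,16 @@
 }
 size_needed = (sizeof (*host_addr)
- + sizeof (*h_addr_ptrs) + strlen (name) + 1);
+ + sizeof (*h_addr_ptrs)
+ + sizeof (*h_alias_ptr) + strlen (name) + 1);
 if (buffer_size == NULL)
 {
 if (buflen < size_needed)
 {
+ *status = NSS_STATUS_TRYAGAIN;
 if (h_errnop != NULL)
- *h_errnop = TRY_AGAIN;
+ *h_errnop = NETDB_INTERNAL;
 __set_errno (ERANGE);
 goto done;
 }
@@ -110,7 +115,7 @@
 *buffer_size = 0;
 __set_errno (save);
 if (h_errnop != NULL)
- *h_errnop = TRY_AGAIN;
+ *h_errnop = NETDB_INTERNAL;
 *result = NULL;
 goto done;
 }
@@ -150,7 +155,9 @@
 if (! ok)
 {
 *h_errnop = HOST_NOT_FOUND;
- if (buffer_size)
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_NOTFOUND;
+ else
 *result = NULL;
 goto done;
 }
@@ -202,15 +209,6 @@
 if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
 {
- const char *cp;
- char *hostname;
- typedef unsigned char host_addr_t[16];
- host_addr_t *host_addr;
- typedef char *host_addr_list_t[2];
- host_addr_list_t *h_addr_ptrs;
- size_t size_needed;
- int addr_size;
-
 switch (af)
 {
 default:
@@ -226,7 +224,10 @@
 /* This is not possible. We cannot represent an IPv6 address
 in an `struct in_addr' variable. */
 *h_errnop = HOST_NOT_FOUND;
- *result = NULL;
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_NOTFOUND;
+ else
+ *result = NULL;
 goto done;
 case AF_INET6:
@@ -234,42 +235,6 @@
 break;
 }
- size_needed = (sizeof (*host_addr)
- + sizeof (*h_addr_ptrs) + strlen (name) + 1);
-
- if (buffer_size == NULL && buflen < size_needed)
- {
- if (h_errnop != NULL)
- *h_errnop = TRY_AGAIN;
- __set_errno (ERANGE);
- goto done;
- }
- else if (buffer_size != NULL && *buffer_size < size_needed)
- {
- char *new_buf;
- *buffer_size = size_needed;
- new_buf = realloc (*buffer, *buffer_size);
-
- if (new_buf == NULL)
- {
- save = errno;
- free (*buffer);
- __set_errno (save);
- *buffer = NULL;
- *buffer_size = 0;
- *result = NULL;
- goto done;
- }
- *buffer = new_buf;
- }
-
- memset (*buffer, '\0', size_needed);
-
- host_addr = (host_addr_t *) *buffer;
- h_addr_ptrs = (host_addr_list_t *)
- ((char *) host_addr + sizeof (*host_addr));
- hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
-
 for (cp = name;; ++cp)
 {
 if (!*cp)
@@ -282,7 +247,9 @@
 if (inet_pton (AF_INET6, name, host_addr) <= 0)
 {
 *h_errnop = HOST_NOT_FOUND;
- if (buffer_size)
+ if (buffer_size == NULL)
+ *status = NSS_STATUS_NOTFOUND;
+ else
 *result = NULL;
 goto done;
 }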
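Review bot: `*h_errnop = HOST_NOT_FOUND;` is stored without a NULL test in the `if (! ok)` hunk, in the hunk that rejects an IPv6 literal for a `struct in_addr` result, and in the `inet_pton` failure hunk, while the `return -1` path of the first hunk, the short-buffer path and the realloc-failure path of the same file all guard the store with `if (h_errnop)` / `if (h_errnop != NULL)`. The new `*status` / `*result` branches sit directly below those three stores, so they should use the guarded form as well: `if (h_errnop != NULL) *h_errnop = HOST_NOT_FOUND;`. Whether any caller can pass a NULL `h_errnop` is not visible on this page, so treat this as a consistency fix unless a caller does. Separately, the corrected `size_needed` sum deserves a comment such as `/* Must cover every region carved out of *buffer: host_addr, h_addr_ptrs, h_alias_ptr and the name plus its NUL.  */`, because the newly added `sizeof (*h_alias_ptr)` term is the one the old sum left out; the code that carves the buffer lies outside the hunks shown.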
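--- a/glibc-2.14.1/nss/getXXbyYY_r.c
+++ b/glibc-2.14.1/nss/getXXbyYY_r.c
@@ -180,6 +180,9 @@
 case -1:
 return errno;
 case 1:
+#ifdef NEED_H_ERRNO
+ any_service = true;
+#endif
 goto done;
 }
 #endif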
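Review bot: The `any_service = true;` added under `case 1:` has no comment saying why the flag must be set before `goto done`, and both the head of the switch and the `done:` label are outside the hunk. Presumably the code at `done:` rewrites `*h_errnop` when no service was consulted, which would discard the value the digits-and-dots helper has just stored; if that is the reason, a comment such as `/* Name was handled as a literal address; keep the h_errno value the helper set.  */` would record it. The `#ifdef NEED_H_ERRNO` guard suggests `any_service` is only declared under that macro, which is worth confirming against its declaration.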