r6293 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches/any

Aurelien Jarno Thu, 16 Oct 2014 06:22:53 -0700

Author: aurel32
Date: 2014-10-16 13:06:39 +0000 (Thu, 16 Oct 2014)
New Revision: 6293


Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff
Log:
debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream
commit c8fc0c91 to fix segmentation faults when nscd is in use.
Closes: #765506, #765526, #765562.

Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2014-10-16 
12:48:58 UTC (rev 6292)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2014-10-16 
13:06:39 UTC (rev 6293)
@@ -2,6 +2,9 @@
 
   * Update 2.13-38+deb7u5 changelog to mention that some lost glibc-doc
     files have been re-added in this version.
+  * debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream
+    commit c8fc0c91 to fix segmentation faults when nscd is in use.
+    Closes: #765506, #765526, #765562.
 
  -- Aurelien Jarno <aure...@debian.org>  Thu, 16 Oct 2014 14:46:42 +0200
 

Modified: 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff
===================================================================
--- 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff
        2014-10-16 12:48:58 UTC (rev 6292)
+++ 
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff
        2014-10-16 13:06:39 UTC (rev 6293)
@@ -1,3 +1,8 @@
+2011-05-31  Andreas Schwab  <sch...@redhat.com>
+
+       * nscd/nscd_getserv_r.c (nscd_getserv_r): Don't free non-malloced
+       memory.  Use alloca_account.  Fix memory leak when retrying.
+
 2011-05-22  Ulrich Drepper  <drep...@gmail.com>
  
        [BZ #12671]
@@ -134,7 +139,15 @@
    const uint32_t *aliases_len = NULL;
    const char *aliases_list = NULL;
    int retval = -1;
-@@ -136,8 +148,22 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
+@@ -112,6 +124,7 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
+         s_name = (char *) (&found->data[0].servdata + 1);
+         serv_resp = found->data[0].servdata;
+         s_proto = s_name + serv_resp.s_name_len;
++        alloca_aliases_len = 1;
+         aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
+         aliases_list = ((char *) aliases_len
+                         + serv_resp.s_aliases_cnt * sizeof (uint32_t));
+@@ -136,8 +149,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
          if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
              != 0)
            {
@@ -146,7 +159,9 @@
 +                                   + (serv_resp.s_aliases_cnt
 +                                      * sizeof (uint32_t)));
 +            if (alloca_aliases_len)
-+              tmp = __alloca (serv_resp.s_aliases_cnt * sizeof (uint32_t));
++              tmp = alloca_account (serv_resp.s_aliases_cnt
++                                    * sizeof (uint32_t),
++                                    alloca_used);
 +            else
 +              {
 +                tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
@@ -159,7 +174,7 @@
              aliases_len = memcpy (tmp, aliases_len,
                                    serv_resp.s_aliases_cnt
                                    * sizeof (uint32_t));
-@@ -217,8 +243,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
+@@ -217,8 +246,25 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
  
          if (serv_resp.s_aliases_cnt > 0)
            {
@@ -171,8 +186,9 @@
 +                                   + (serv_resp.s_aliases_cnt
 +                                      * sizeof (uint32_t)));
 +            if (alloca_aliases_len)
-+              aliases_len = alloca (serv_resp.s_aliases_cnt
-+                                    * sizeof (uint32_t));
++              aliases_len = alloca_account (serv_resp.s_aliases_cnt
++                                            * sizeof (uint32_t),
++                                            alloca_used);
 +            else
 +              {
 +                aliases_len = malloc (serv_resp.s_aliases_cnt
@@ -186,8 +202,16 @@
              vec[n].iov_base = (void *) aliases_len;
              vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t);
  
-@@ -329,5 +371,10 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
-       goto retry;
+@@ -326,8 +372,17 @@ nscd_getserv_r (const char *crit, size_t critlen, const 
char *proto,
+       }
+ 
+       if (retval != -1)
+-      goto retry;
++      {
++        if (!alloca_aliases_len)
++          free (aliases_len);
++        goto retry;
++      }
      }
  
 +  if (!alloca_aliases_len)


-- 
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1xeklm-000646...@moszumanska.debian.org

r6293 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches/any

Reply via email to