Author: aurel32 Date: 2014-10-16 13:06:39 +0000 (Thu, 16 Oct 2014) New Revision: 6293
Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff Log: debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream commit c8fc0c91 to fix segmentation faults when nscd is in use. Closes: #765506, #765526, #765562. Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog =================================================================== --- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2014-10-16 12:48:58 UTC (rev 6292) +++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2014-10-16 13:06:39 UTC (rev 6293) @@ -2,6 +2,9 @@ * Update 2.13-38+deb7u5 changelog to mention that some lost glibc-doc files have been re-added in this version. + * debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream + commit c8fc0c91 to fix segmentation faults when nscd is in use. + Closes: #765506, #765526, #765562. -- Aurelien Jarno <aure...@debian.org> Thu, 16 Oct 2014 14:46:42 +0200 Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff =================================================================== --- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff 2014-10-16 12:48:58 UTC (rev 6292) +++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2013-4357.diff 2014-10-16 13:06:39 UTC (rev 6293) @@ -1,3 +1,8 @@ +2011-05-31 Andreas Schwab <sch...@redhat.com> + + * nscd/nscd_getserv_r.c (nscd_getserv_r): Don't free non-malloced + memory. Use alloca_account. Fix memory leak when retrying. + 2011-05-22 Ulrich Drepper <drep...@gmail.com> [BZ #12671] @@ -134,7 +139,15 @@ const uint32_t *aliases_len = NULL; const char *aliases_list = NULL; int retval = -1; -@@ -136,8 +148,22 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, +@@ -112,6 +124,7 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, + s_name = (char *) (&found->data[0].servdata + 1); + serv_resp = found->data[0].servdata; + s_proto = s_name + serv_resp.s_name_len; ++ alloca_aliases_len = 1; + aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len); + aliases_list = ((char *) aliases_len + + serv_resp.s_aliases_cnt * sizeof (uint32_t)); +@@ -136,8 +149,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1)) != 0) { @@ -146,7 +159,9 @@ + + (serv_resp.s_aliases_cnt + * sizeof (uint32_t))); + if (alloca_aliases_len) -+ tmp = __alloca (serv_resp.s_aliases_cnt * sizeof (uint32_t)); ++ tmp = alloca_account (serv_resp.s_aliases_cnt ++ * sizeof (uint32_t), ++ alloca_used); + else + { + tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t)); @@ -159,7 +174,7 @@ aliases_len = memcpy (tmp, aliases_len, serv_resp.s_aliases_cnt * sizeof (uint32_t)); -@@ -217,8 +243,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, +@@ -217,8 +246,25 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, if (serv_resp.s_aliases_cnt > 0) { @@ -171,8 +186,9 @@ + + (serv_resp.s_aliases_cnt + * sizeof (uint32_t))); + if (alloca_aliases_len) -+ aliases_len = alloca (serv_resp.s_aliases_cnt -+ * sizeof (uint32_t)); ++ aliases_len = alloca_account (serv_resp.s_aliases_cnt ++ * sizeof (uint32_t), ++ alloca_used); + else + { + aliases_len = malloc (serv_resp.s_aliases_cnt @@ -186,8 +202,16 @@ vec[n].iov_base = (void *) aliases_len; vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t); -@@ -329,5 +371,10 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, - goto retry; +@@ -326,8 +372,17 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, + } + + if (retval != -1) +- goto retry; ++ { ++ if (!alloca_aliases_len) ++ free (aliases_len); ++ goto retry; ++ } } + if (!alloca_aliases_len) -- To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1xeklm-000646...@moszumanska.debian.org