Unfortunately this patch doesn't apply (even after I edited for the
previous addition of glibc: fix CVE-2023-4806
ERROR: glibc-2.37-r1 do_patch: Applying patch
'0024-CVE-2023-5156-1.patch' on target directory
'/home/steve/builds/poky-contrib-mickledore/build/tmp/work/core2-64-poky-linux/glibc/2.37-r1/git'
CmdError('quilt --quiltrc
/home/steve/builds/poky-contrib-mickledore/build/tmp/work/core2-64-poky-linux/glibc/2.37-r1/recipe-sysroot-native/etc/quiltrc
push', 0, 'stdout: Applying patch 0024-CVE-2023-5156-1.patch
patching file nss/Makefile
Hunk #1 FAILED at 82.
Hunk #2 FAILED at 145.
Hunk #3 FAILED at 180.
Hunk #4 FAILED at 195.
Hunk #5 FAILED at 215.
5 out of 5 hunks FAILED -- rejects in file nss/Makefile
The next patch would create the file nss/nss_test_gai_hv2_canonname.c,
which already exists! Applying it anyway.
patching file nss/nss_test_gai_hv2_canonname.c
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- rejects in file nss/nss_test_gai_hv2_canonname.c
The next patch would create the file nss/tst-nss-gai-hv2-canonname.c,
which already exists! Applying it anyway.
patching file nss/tst-nss-gai-hv2-canonname.c
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- rejects in file nss/tst-nss-gai-hv2-canonname.c
The next patch would create the file nss/tst-nss-gai-hv2-canonname.h,
which already exists! Applying it anyway.
patching file nss/tst-nss-gai-hv2-canonname.h
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- rejects in file nss/tst-nss-gai-hv2-canonname.h
The next patch would empty out the file
nss/tst-nss-gai-hv2-canonname.root/postclean.req,
which is already empty! Applying it anyway.
patching file nss/tst-nss-gai-hv2-canonname.root/postclean.req
The next patch would create the file
nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script,
which already exists! Applying it anyway.
patching file
nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- rejects in file
nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
patching file sysdeps/posix/getaddrinfo.c
Hunk #1 FAILED at 120.
Hunk #2 FAILED at 165.
Hunk #3 FAILED at 203.
Hunk #4 succeeded at 248 with fuzz 2 (offset 10 lines).
Hunk #5 FAILED at 271.
Hunk #6 FAILED at 333.
Hunk #7 FAILED at 780.
6 out of 7 hunks FAILED -- rejects in file sysdeps/posix/getaddrinfo.c
Patch 0024-CVE-2023-5156-1.patch can be reverse-applied
Steve
On Tue, Oct 3, 2023 at 1:30 AM <deepthi.hem...@windriver.com> wrote:
>
> From: Deepthi Hemraj <deepthi.hem...@windriver.com>
>
> Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com>
> ---
> .../glibc/glibc/0024-CVE-2023-5156-1.patch | 329 ++++++++++++++++++
> .../glibc/glibc/0024-CVE-2023-5156-2.patch | 93 +++++
> meta/recipes-core/glibc/glibc_2.37.bb | 2 +
> 3 files changed, 424 insertions(+)
> create mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch
> create mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch
> b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch
> new file mode 100644
> index 0000000000..65afaa446a
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch
> @@ -0,0 +1,329 @@
> +From: Siddhesh Poyarekar <siddh...@sourceware.org>
> +Date: Fri, 15 Sep 2023 17:51:12 +0000 (-0400)
> +Subject: getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
> +X-Git-Url:
> https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=973fe93a5675c42798b2161c6f29c01b0e243994
> +
> +getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
> +
> +When an NSS plugin only implements the _gethostbyname2_r and
> +_getcanonname_r callbacks, getaddrinfo could use memory that was freed
> +during tmpbuf resizing, through h_name in a previous query response.
> +
> +The backing store for res->at->name when doing a query with
> +gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in
> +gethosts during the query. For AF_INET6 lookup with AI_ALL |
> +AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second
> +for a v4 lookup. In this case, if the first call reallocates tmpbuf
> +enough number of times, resulting in a malloc, th->h_name (that
> +res->at->name refers to) ends up on a heap allocated storage in tmpbuf.
> +Now if the second call to gethosts also causes the plugin callback to
> +return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF
> +reference in res->at->name. This then gets dereferenced in the
> +getcanonname_r plugin call, resulting in the use after free.
> +
> +Fix this by copying h_name over and freeing it at the end. This
> +resolves BZ #30843, which is assigned CVE-2023-4806.
> +
> +Signed-off-by: Siddhesh Poyarekar <siddh...@sourceware.org>
> +
> +Upstream-Status: Backport
> [https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=973fe93a5675c42798b2161c6f29c01b0e243994]
> +
> +CVE: CVE-2023-5156
> +
> +Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com>
> +
> +---
> +
> +diff --git a/nss/Makefile b/nss/Makefile
> +index 06fcdc450f..8a5126ecf3 100644
> +--- a/nss/Makefile
> ++++ b/nss/Makefile
> +@@ -82,6 +82,7 @@ tests-container := \
> + tst-nss-test3 \
> + tst-reload1 \
> + tst-reload2 \
> ++ tst-nss-gai-hv2-canonname \
> + # tests-container
> +
> + # Tests which need libdl
> +@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out
> .os,$(object-suffixes))
> + ifeq ($(build-static-nss),yes)
> + tests-static += tst-nss-static
> + endif
> +-extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os
> ++extra-test-objs += nss_test1.os nss_test2.os
> nss_test_errno.os \
> ++ nss_test_gai_hv2_canonname.os
> +
> + include ../Rules
> +
> +@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
> + libof-nss_test1 = extramodules
> + libof-nss_test2 = extramodules
> + libof-nss_test_errno = extramodules
> ++libof-nss_test_gai_hv2_canonname = extramodules
> + $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
> + $(build-module)
> + $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
> + $(build-module)
> + $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
> + $(build-module)
> ++$(objpfx)/libnss_test_gai_hv2_canonname.so: \
> ++ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps)
> ++ $(build-module)
> + $(objpfx)nss_test2.os : nss_test1.c
> + # Use the nss_files suffix for these objects as well.
> + $(objpfx)/libnss_test1.so$(libnss_files.so-version):
> $(objpfx)/libnss_test1.so
> +@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version):
> $(objpfx)/libnss_test2.so
> + $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
> + $(objpfx)/libnss_test_errno.so
> + $(make-link)
> ++$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
> ++ $(objpfx)/libnss_test_gai_hv2_canonname.so
> ++ $(make-link)
> + $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
> + $(objpfx)/libnss_test1.so$(libnss_files.so-version) \
> + $(objpfx)/libnss_test2.so$(libnss_files.so-version) \
> +- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
> ++ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
> ++ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
> +
> + ifeq (yes,$(have-thread-library))
> + $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
> +@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
> + LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
> + LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
> + LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
> ++LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
> +diff --git a/nss/nss_test_gai_hv2_canonname.c
> b/nss/nss_test_gai_hv2_canonname.c
> +new file mode 100644
> +index 0000000000..4439c83c9f
> +--- /dev/null
> ++++ b/nss/nss_test_gai_hv2_canonname.c
> +@@ -0,0 +1,56 @@
> ++/* NSS service provider that only provides gethostbyname2_r.
> ++ Copyright The GNU Toolchain Authors.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <https://www.gnu.org/licenses/>. */
> ++
> ++#include <nss.h>
> ++#include <stdlib.h>
> ++#include <string.h>
> ++#include "nss/tst-nss-gai-hv2-canonname.h"
> ++
> ++/* Catch misnamed and functions. */
> ++#pragma GCC diagnostic error "-Wmissing-prototypes"
> ++NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname)
> ++
> ++extern enum nss_status _nss_files_gethostbyname2_r (const char *, int,
> ++ struct hostent *, char *,
> ++ size_t, int *, int *);
> ++
> ++enum nss_status
> ++_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af,
> ++ struct hostent *result,
> ++ char *buffer, size_t buflen,
> ++ int *errnop, int *herrnop)
> ++{
> ++ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen,
> errnop,
> ++ herrnop);
> ++}
> ++
> ++enum nss_status
> ++_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer,
> ++ size_t buflen, char **result,
> ++ int *errnop, int *h_errnop)
> ++{
> ++ /* We expect QUERYNAME, which is a small enough string that it shouldn't
> fail
> ++ the test. */
> ++ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME))
> ++ || buflen < sizeof (QUERYNAME))
> ++ abort ();
> ++
> ++ strncpy (buffer, name, buflen);
> ++ *result = buffer;
> ++ return NSS_STATUS_SUCCESS;
> ++}
> +diff --git a/nss/tst-nss-gai-hv2-canonname.c
> b/nss/tst-nss-gai-hv2-canonname.c
> +new file mode 100644
> +index 0000000000..d5f10c07d6
> +--- /dev/null
> ++++ b/nss/tst-nss-gai-hv2-canonname.c
> +@@ -0,0 +1,63 @@
> ++/* Test NSS query path for plugins that only implement gethostbyname2
> ++ (#30843).
> ++ Copyright The GNU Toolchain Authors.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <https://www.gnu.org/licenses/>. */
> ++
> ++#include <nss.h>
> ++#include <netdb.h>
> ++#include <stdlib.h>
> ++#include <string.h>
> ++#include <support/check.h>
> ++#include <support/xstdio.h>
> ++#include "nss/tst-nss-gai-hv2-canonname.h"
> ++
> ++#define PREPARE do_prepare
> ++
> ++static void do_prepare (int a, char **av)
> ++{
> ++ FILE *hosts = xfopen ("/etc/hosts", "w");
> ++ for (unsigned i = 2; i < 255; i++)
> ++ {
> ++ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i);
> ++ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i);
> ++ }
> ++ xfclose (hosts);
> ++}
> ++
> ++static int
> ++do_test (void)
> ++{
> ++ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
> ++
> ++ struct addrinfo hints = {};
> ++ struct addrinfo *result = NULL;
> ++
> ++ hints.ai_family = AF_INET6;
> ++ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME;
> ++
> ++ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result);
> ++
> ++ if (ret != 0)
> ++ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret));
> ++
> ++ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME);
> ++
> ++ freeaddrinfo(result);
> ++ return 0;
> ++}
> ++
> ++#include <support/test-driver.c>
> +diff --git a/nss/tst-nss-gai-hv2-canonname.h
> b/nss/tst-nss-gai-hv2-canonname.h
> +new file mode 100644
> +index 0000000000..14f2a9cb08
> +--- /dev/null
> ++++ b/nss/tst-nss-gai-hv2-canonname.h
> +@@ -0,0 +1 @@
> ++#define QUERYNAME "test.example.com"
> +diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req
> b/nss/tst-nss-gai-hv2-canonname.root/postclean.req
> +new file mode 100644
> +index 0000000000..e69de29bb2
> +diff --git
> a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
> b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
> +new file mode 100644
> +index 0000000000..31848b4a28
> +--- /dev/null
> ++++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
> +@@ -0,0 +1,2 @@
> ++cp $B/nss/libnss_test_gai_hv2_canonname.so
> $L/libnss_test_gai_hv2_canonname.so.2
> ++su
> +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
> +index 6ae6744fe4..47f421fddf 100644
> +--- a/sysdeps/posix/getaddrinfo.c
> ++++ b/sysdeps/posix/getaddrinfo.c
> +@@ -120,6 +120,7 @@ struct gaih_result
> + {
> + struct gaih_addrtuple *at;
> + char *canon;
> ++ char *h_name;
> + bool free_at;
> + bool got_ipv6;
> + };
> +@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
> + if (res->free_at)
> + free (res->at);
> + free (res->canon);
> ++ free (res->h_name);
> + memset (res, 0, sizeof (*res));
> + }
> +
> +@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct
> gaih_typeproto *tp,
> + return 0;
> + }
> +
> +-/* Convert struct hostent to a list of struct gaih_addrtuple objects.
> h_name
> +- is not copied, and the struct hostent object must not be deallocated
> +- prematurely. The new addresses are appended to the tuple array in RES.
> */
> ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. The
> new
> ++ addresses are appended to the tuple array in RES. */
> + static bool
> + convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
> + struct hostent *h, struct gaih_result *res)
> +@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct
> addrinfo *req, int family,
> + res->at = array;
> + res->free_at = true;
> +
> ++ /* Duplicate h_name because it may get reclaimed when the underlying
> storage
> ++ is freed. */
> ++ if (res->h_name == NULL)
> ++ {
> ++ res->h_name = __strdup (h->h_name);
> ++ if (res->h_name == NULL)
> ++ return false;
> ++ }
> ++
> + /* Update the next pointers on reallocation. */
> + for (size_t i = 0; i < old; i++)
> + array[i].next = array + i + 1;
> +@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo
> *req, int family,
> + }
> + array[i].next = array + i + 1;
> + }
> +- array[0].name = h->h_name;
> + array[count - 1].next = NULL;
> +
> + return true;
> +@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const
> char *name,
> + memory allocation failure. The returned string is allocated on the
> + heap; the caller has to free it. */
> + static char *
> +-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char
> *name)
> ++getcanonname (nss_action_list nip, const char *hname, const char *name)
> + {
> + nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
> + char *s = (char *) name;
> + if (cfct != NULL)
> + {
> + char buf[256];
> +- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
> +- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
> ++ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
> ++ &h_errno)) != NSS_STATUS_SUCCESS)
> + /* If the canonical name cannot be determined, use the passed
> + string. */
> + s = (char *) name;
> +@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct
> addrinfo *req,
> + if ((req->ai_flags & AI_CANONNAME) != 0
> + && res->canon == NULL)
> + {
> +- char *canonbuf = getcanonname (nip, res->at, name);
> ++ char *canonbuf = getcanonname (nip, res->h_name, name);
> + if (canonbuf == NULL)
> + {
> + __resolv_context_put (res_ctx);
> diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch
> b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch
> new file mode 100644
> index 0000000000..507db5e13b
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch
> @@ -0,0 +1,93 @@
> +From: Romain Geissler <romain.geiss...@amadeus.com>
> +Date: Mon, 25 Sep 2023 00:21:51 +0000 (+0100)
> +Subject: Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ
> #30843]
> +X-Git-Url:
> https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
> +
> +Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
> +
> +This patch fixes a very recently added leak in getaddrinfo.
> +
> +Reviewed-by: Siddhesh Poyarekar <siddh...@sourceware.org>
> +
> +Upstream-Status: Backport
> [https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=ec6b95c3303c700eb89eebeda2d7264cc184a796]
> +
> +CVE: CVE-2023-5156
> +
> +Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com>
> +
> +---
> +
> +diff --git a/nss/Makefile b/nss/Makefile
> +index 8a5126ecf3..668ba34b18 100644
> +--- a/nss/Makefile
> ++++ b/nss/Makefile
> +@@ -149,6 +149,15 @@ endif
> + extra-test-objs += nss_test1.os nss_test2.os
> nss_test_errno.os \
> + nss_test_gai_hv2_canonname.os
> +
> ++ifeq ($(run-built-tests),yes)
> ++ifneq (no,$(PERL))
> ++tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
> ++endif
> ++endif
> ++
> ++generated += mtrace-tst-nss-gai-hv2-canonname.out \
> ++ tst-nss-gai-hv2-canonname.mtrace
> ++
> + include ../Rules
> +
> + ifeq (yes,$(have-selinux))
> +@@ -217,6 +226,17 @@ endif
> + $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
> + $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
> +
> ++tst-nss-gai-hv2-canonname-ENV = \
> ++ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
> ++ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
> ++$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
> ++ $(objpfx)tst-nss-gai-hv2-canonname.out
> ++ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
> ++ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77;
> ) \
> ++ && $(common-objpfx)malloc/mtrace \
> ++ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
> ++ $(evaluate-test)
> ++
> + # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
> + # functions can load testing NSS modules via DT_RPATH.
> + LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
> +diff --git a/nss/tst-nss-gai-hv2-canonname.c
> b/nss/tst-nss-gai-hv2-canonname.c
> +index d5f10c07d6..7db53cf09d 100644
> +--- a/nss/tst-nss-gai-hv2-canonname.c
> ++++ b/nss/tst-nss-gai-hv2-canonname.c
> +@@ -21,6 +21,7 @@
> + #include <netdb.h>
> + #include <stdlib.h>
> + #include <string.h>
> ++#include <mcheck.h>
> + #include <support/check.h>
> + #include <support/xstdio.h>
> + #include "nss/tst-nss-gai-hv2-canonname.h"
> +@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av)
> + static int
> + do_test (void)
> + {
> ++ mtrace ();
> ++
> + __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
> +
> + struct addrinfo hints = {};
> +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
> +index 47f421fddf..531124958d 100644
> +--- a/sysdeps/posix/getaddrinfo.c
> ++++ b/sysdeps/posix/getaddrinfo.c
> +@@ -1196,9 +1196,7 @@ free_and_return:
> + if (malloc_name)
> + free ((char *) name);
> + free (addrmem);
> +- if (res.free_at)
> +- free (res.at);
> +- free (res.canon);
> ++ gaih_result_reset (&res);
> +
> + return result;
> + }
> diff --git a/meta/recipes-core/glibc/glibc_2.37.bb
> b/meta/recipes-core/glibc/glibc_2.37.bb
> index caf454f368..b88bc5fc4f 100644
> --- a/meta/recipes-core/glibc/glibc_2.37.bb
> +++ b/meta/recipes-core/glibc/glibc_2.37.bb
> @@ -50,6 +50,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc
> \
>
> file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
>
> file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \
> file://0023-CVE-2023-4527.patch \
> + file://0024-CVE-2023-5156-1.patch \
> + file://0024-CVE-2023-5156-2.patch \
> "
> S = "${WORKDIR}/git"
> B = "${WORKDIR}/build-${TARGET_SYS}"
> --
> 2.39.0
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188648):
https://lists.openembedded.org/g/openembedded-core/message/188648
Mute This Topic: https://lists.openembedded.org/mt/101731788/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
