authorSona Sarmadi <sona.sarmadi@enea.com>2015-02-20 10:37:37 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-07-06 18:19:37 (GMT)
commit57e2046e575c85d5963b108792a28fc166329234 (patch)
treea1e712926f1099455d0752430b0de35decb8418b
parent0892adf79c73bbfb427846670c480da0912431a2 (diff)
downloadpoky-57e2046e575c85d5963b108792a28fc166329234.tar.gz
eglibc: CVE-2014-9402 denial of service in getnetbyname
The getnetbyname function in eglibc 2.21 and earlier enters an infinite loop if the DNS backend is activated in the system Name Service Switch configuration and the DNS resolver receives a positive answer while processing the network name. Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=17630 Changes to the NEWS and ChangeLog files from the original upstream commit have been omitted. Upstream commit that fixes this issue: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11e3417af6e354f1942c68a271ae51e892b2814d Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r--meta/recipes-core/eglibc/eglibc-2.19/CVE-2014-9402_endless-loop-in-getaddr_r.patch28
-rw-r--r--meta/recipes-core/eglibc/eglibc_2.19.bb1
2 files changed, 29 insertions, 0 deletions
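--- /dev/null
+++ b/meta/recipes-core/eglibc/eglibc-2.19/CVE-2014-9402_endless-loop-in-getaddr_r.patch
@@ -0,0 +1,28 @@
+eglibc: CVE-2014-9402 endless loop in getaddr_r
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=11e3417af6e354f1942c68a271ae51e892b2814d
+
+Upstream-Status: Backport
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+From 11e3417af6e354f1942c68a271ae51e892b2814d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 15 Dec 2014 17:41:13 +0100
+Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
+
+===================================================================
+--- git.orig/resolv/nss_dns/dns-network.c
++++ git/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int
+
+ case BYNAME:
+ {
+- char **ap = result->n_aliases++;
+- while (*ap != NULL)
++ char **ap;
++ for (ap = result->n_aliases; *ap != NULL; ++ap)
+ {
+ /* Check each alias name for being of the forms:
+ 4.3.2.1.in-addr.arpa = net 1.2.3.4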
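Review bot: The patch file name and its first line say `getaddr_r`, but the embedded hunk header shows the function being changed is `getanswer_r` in resolv/nss_dns/dns-network.c, and the CVE is reported against getnetbyname. Anyone auditing which CVE fixes are applied, or grepping the recipe tree for the affected function, will be misled, so the title should read `eglibc: CVE-2014-9402 endless loop in getanswer_r (getnetbyname)` and the file name should match. The header would also benefit from one sentence on the root cause, which the page suggests but does not show in full: the old `char **ap = result->n_aliases++;` advanced the stored alias pointer rather than the loop cursor, and the new `for` supplies the missing `++ap`. The loop body continues outside the hunk, so whether anything else in it still depends on the old increment of `result->n_aliases` cannot be confirmed from here.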
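--- a/meta/recipes-core/eglibc/eglibc_2.19.bb
+++ b/meta/recipes-core/eglibc/eglibc_2.19.bb
@@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr25
  file://CVE-2014-5119.patch \
  file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
  file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
+ file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
  "
 SRC_URI[md5sum] = "197836c2ba42fb146e971222647198dd"
 SRC_URI[sha256sum] = "baaa030531fc308f7820c46acdf8e1b2f8e3c1f40bcd28b6e440d1c95d170d4c"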