summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBhabu Bindu <bhabu.bindu@kpit.com>2023-12-13 16:45:08 +0530
committerSteve Sakoman <steve@sakoman.com>2023-12-21 05:17:55 -1000
commit43fa25ea6fd7c783aabdfe4cbc71b2eb3666b195 (patch)
tree2b51bee840af2d3c7ecc3e2c629e4c3acc125076
parentf56b09922526c47c1f17c67059bb6b838d105158 (diff)
downloadpoky-43fa25ea6fd7c783aabdfe4cbc71b2eb3666b195.tar.gz
glibc: Fix CVE-2023-4813
Add patch to fix CVE-2023-4813 Link: https://security-tracker.debian.org/tracker/CVE-2023-4813 (From OE-Core rev: d735b2a94091f9a4a91917c73bd73d9ce4a31e3e) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Poonam Jadhav <ppjadhav456@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2023-4813.patch986
-rw-r--r--meta/recipes-core/glibc/glibc_2.31.bb1
2 files changed, 987 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-4813.patch b/meta/recipes-core/glibc/glibc/CVE-2023-4813.patch
new file mode 100644
index 0000000000..c7db4038c2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2023-4813.patch
@@ -0,0 +1,986 @@
1From 1c37b8022e8763fedbb3f79c02e05c6acfe5a215 Mon Sep 17 00:00:00 2001
2From: Siddhesh Poyarekar <siddhesh@sourceware.org>
3Date: Thu, 17 Mar 2022 11:44:34 +0530
4Subject: [PATCH] Simplify allocations and fix merge and continue actions [BZ
5 #28931]
6
7Allocations for address tuples is currently a bit confusing because of
8the pointer chasing through PAT, making it hard to observe the sequence
9in which allocations have been made. Narrow scope of the pointer
10chasing through PAT so that it is only used where necessary.
11
12This also tightens actions behaviour with the hosts database in
13getaddrinfo to comply with the manual text. The "continue" action
14discards previous results and the "merge" action results in an immedate
15lookup failure. Consequently, chaining of allocations across modules is
16no longer necessary, thus opening up cleanup opportunities.
17
18A test has been added that checks some combinations to ensure that they
19work correctly.
20
21Resolves: BZ #28931
22
23CVE: CVE-2023-4813
24Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215]
25Comments: Hunks refreshed
26
27Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
28Reviewed-by: DJ Delorie <dj@redhat.com>
29Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
30---
31 nss/Makefile | 1 +
32 nss/tst-nss-gai-actions.c | 149 ++++++
33 nss/tst-nss-gai-actions.root/etc/host.conf | 1 +
34 nss/tst-nss-gai-actions.root/etc/hosts | 508 +++++++++++++++++++++
35 sysdeps/posix/getaddrinfo.c | 143 +++---
36 5 files changed, 750 insertions(+), 52 deletions(-)
37 create mode 100644 nss/tst-nss-gai-actions.c
38 create mode 100644 nss/tst-nss-gai-actions.root/etc/host.conf
39 create mode 100644 nss/tst-nss-gai-actions.root/etc/hosts
40
41diff --git a/nss/Makefile b/nss/Makefile
42index 42a59535cb..d8b06b44fb 100644
43--- a/nss/Makefile
44+++ b/nss/Makefile
45@@ -61,6 +61,7 @@
46
47 tests-container = \
48 tst-nss-test3 \
49+ tst-nss-gai-actions \
50 tst-nss-files-hosts-long \
51 tst-nss-db-endpwent \
52 tst-nss-db-endgrent
53diff --git a/nss/tst-nss-gai-actions.c b/nss/tst-nss-gai-actions.c
54new file mode 100644
55index 0000000000..efca6cd183
56--- /dev/null
57+++ b/nss/tst-nss-gai-actions.c
58@@ -0,0 +1,149 @@
59+/* Test continue and merge NSS actions for getaddrinfo.
60+ Copyright The GNU Toolchain Authors.
61+ This file is part of the GNU C Library.
62+
63+ The GNU C Library is free software; you can redistribute it and/or
64+ modify it under the terms of the GNU Lesser General Public
65+ License as published by the Free Software Foundation; either
66+ version 2.1 of the License, or (at your option) any later version.
67+
68+ The GNU C Library is distributed in the hope that it will be useful,
69+ but WITHOUT ANY WARRANTY; without even the implied warranty of
70+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
71+ Lesser General Public License for more details.
72+
73+ You should have received a copy of the GNU Lesser General Public
74+ License along with the GNU C Library; if not, see
75+ <https://www.gnu.org/licenses/>. */
76+
77+#include <dlfcn.h>
78+#include <gnu/lib-names.h>
79+#include <nss.h>
80+#include <stdio.h>
81+#include <stdlib.h>
82+#include <string.h>
83+
84+#include <support/check.h>
85+#include <support/format_nss.h>
86+#include <support/support.h>
87+#include <support/xstdio.h>
88+#include <support/xunistd.h>
89+
90+enum
91+{
92+ ACTION_MERGE = 0,
93+ ACTION_CONTINUE,
94+};
95+
96+static const char *
97+family_str (int family)
98+{
99+ switch (family)
100+ {
101+ case AF_UNSPEC:
102+ return "AF_UNSPEC";
103+ case AF_INET:
104+ return "AF_INET";
105+ default:
106+ __builtin_unreachable ();
107+ }
108+}
109+
110+static const char *
111+action_str (int action)
112+{
113+ switch (action)
114+ {
115+ case ACTION_MERGE:
116+ return "merge";
117+ case ACTION_CONTINUE:
118+ return "continue";
119+ default:
120+ __builtin_unreachable ();
121+ }
122+}
123+
124+static void
125+do_one_test (int action, int family, bool canon)
126+{
127+ struct addrinfo hints =
128+ {
129+ .ai_family = family,
130+ };
131+
132+ struct addrinfo *ai;
133+
134+ if (canon)
135+ hints.ai_flags = AI_CANONNAME;
136+
137+ printf ("***** Testing \"files [SUCCESS=%s] files\" for family %s, %s\n",
138+ action_str (action), family_str (family),
139+ canon ? "AI_CANONNAME" : "");
140+
141+ int ret = getaddrinfo ("example.org", "80", &hints, &ai);
142+
143+ switch (action)
144+ {
145+ case ACTION_MERGE:
146+ if (ret == 0)
147+ {
148+ char *formatted = support_format_addrinfo (ai, ret);
149+
150+ printf ("merge unexpectedly succeeded:\n %s\n", formatted);
151+ support_record_failure ();
152+ free (formatted);
153+ }
154+ else
155+ return;
156+ case ACTION_CONTINUE:
157+ {
158+ char *formatted = support_format_addrinfo (ai, ret);
159+
160+ /* Verify that the result appears exactly once. */
161+ const char *expected = "address: STREAM/TCP 192.0.0.1 80\n"
162+ "address: DGRAM/UDP 192.0.0.1 80\n"
163+ "address: RAW/IP 192.0.0.1 80\n";
164+
165+ const char *contains = strstr (formatted, expected);
166+ const char *contains2 = NULL;
167+
168+ if (contains != NULL)
169+ contains2 = strstr (contains + strlen (expected), expected);
170+
171+ if (contains == NULL || contains2 != NULL)
172+ {
173+ printf ("continue failed:\n%s\n", formatted);
174+ support_record_failure ();
175+ }
176+
177+ free (formatted);
178+ break;
179+ }
180+ default:
181+ __builtin_unreachable ();
182+ }
183+}
184+
185+static void
186+do_one_test_set (int action)
187+{
188+ char buf[32];
189+
190+ snprintf (buf, sizeof (buf), "files [SUCCESS=%s] files",
191+ action_str (action));
192+ __nss_configure_lookup ("hosts", buf);
193+
194+ do_one_test (action, AF_UNSPEC, false);
195+ do_one_test (action, AF_INET, false);
196+ do_one_test (action, AF_INET, true);
197+}
198+
199+static int
200+do_test (void)
201+{
202+ do_one_test_set (ACTION_CONTINUE);
203+ do_one_test_set (ACTION_MERGE);
204+ return 0;
205+}
206+
207+#include <support/test-driver.c>
208diff --git a/nss/tst-nss-gai-actions.root/etc/host.conf b/nss/tst-nss-gai-actions.root/etc/host.conf
209new file mode 100644
210index 0000000000..d1a59f73a9
211--- /dev/null
212+++ b/nss/tst-nss-gai-actions.root/etc/host.conf
213@@ -0,0 +1 @@
214+multi on
215diff --git a/nss/tst-nss-gai-actions.root/etc/hosts b/nss/tst-nss-gai-actions.root/etc/hosts
216new file mode 100644
217index 0000000000..50ce9774dc
218--- /dev/null
219+++ b/nss/tst-nss-gai-actions.root/etc/hosts
220@@ -0,0 +1,508 @@
221+192.0.0.1 example.org
222+192.0.0.2 example.org
223+192.0.0.3 example.org
224+192.0.0.4 example.org
225+192.0.0.5 example.org
226+192.0.0.6 example.org
227+192.0.0.7 example.org
228+192.0.0.8 example.org
229+192.0.0.9 example.org
230+192.0.0.10 example.org
231+192.0.0.11 example.org
232+192.0.0.12 example.org
233+192.0.0.13 example.org
234+192.0.0.14 example.org
235+192.0.0.15 example.org
236+192.0.0.16 example.org
237+192.0.0.17 example.org
238+192.0.0.18 example.org
239+192.0.0.19 example.org
240+192.0.0.20 example.org
241+192.0.0.21 example.org
242+192.0.0.22 example.org
243+192.0.0.23 example.org
244+192.0.0.24 example.org
245+192.0.0.25 example.org
246+192.0.0.26 example.org
247+192.0.0.27 example.org
248+192.0.0.28 example.org
249+192.0.0.29 example.org
250+192.0.0.30 example.org
251+192.0.0.31 example.org
252+192.0.0.32 example.org
253+192.0.0.33 example.org
254+192.0.0.34 example.org
255+192.0.0.35 example.org
256+192.0.0.36 example.org
257+192.0.0.37 example.org
258+192.0.0.38 example.org
259+192.0.0.39 example.org
260+192.0.0.40 example.org
261+192.0.0.41 example.org
262+192.0.0.42 example.org
263+192.0.0.43 example.org
264+192.0.0.44 example.org
265+192.0.0.45 example.org
266+192.0.0.46 example.org
267+192.0.0.47 example.org
268+192.0.0.48 example.org
269+192.0.0.49 example.org
270+192.0.0.50 example.org
271+192.0.0.51 example.org
272+192.0.0.52 example.org
273+192.0.0.53 example.org
274+192.0.0.54 example.org
275+192.0.0.55 example.org
276+192.0.0.56 example.org
277+192.0.0.57 example.org
278+192.0.0.58 example.org
279+192.0.0.59 example.org
280+192.0.0.60 example.org
281+192.0.0.61 example.org
282+192.0.0.62 example.org
283+192.0.0.63 example.org
284+192.0.0.64 example.org
285+192.0.0.65 example.org
286+192.0.0.66 example.org
287+192.0.0.67 example.org
288+192.0.0.68 example.org
289+192.0.0.69 example.org
290+192.0.0.70 example.org
291+192.0.0.71 example.org
292+192.0.0.72 example.org
293+192.0.0.73 example.org
294+192.0.0.74 example.org
295+192.0.0.75 example.org
296+192.0.0.76 example.org
297+192.0.0.77 example.org
298+192.0.0.78 example.org
299+192.0.0.79 example.org
300+192.0.0.80 example.org
301+192.0.0.81 example.org
302+192.0.0.82 example.org
303+192.0.0.83 example.org
304+192.0.0.84 example.org
305+192.0.0.85 example.org
306+192.0.0.86 example.org
307+192.0.0.87 example.org
308+192.0.0.88 example.org
309+192.0.0.89 example.org
310+192.0.0.90 example.org
311+192.0.0.91 example.org
312+192.0.0.92 example.org
313+192.0.0.93 example.org
314+192.0.0.94 example.org
315+192.0.0.95 example.org
316+192.0.0.96 example.org
317+192.0.0.97 example.org
318+192.0.0.98 example.org
319+192.0.0.99 example.org
320+192.0.0.100 example.org
321+192.0.0.101 example.org
322+192.0.0.102 example.org
323+192.0.0.103 example.org
324+192.0.0.104 example.org
325+192.0.0.105 example.org
326+192.0.0.106 example.org
327+192.0.0.107 example.org
328+192.0.0.108 example.org
329+192.0.0.109 example.org
330+192.0.0.110 example.org
331+192.0.0.111 example.org
332+192.0.0.112 example.org
333+192.0.0.113 example.org
334+192.0.0.114 example.org
335+192.0.0.115 example.org
336+192.0.0.116 example.org
337+192.0.0.117 example.org
338+192.0.0.118 example.org
339+192.0.0.119 example.org
340+192.0.0.120 example.org
341+192.0.0.121 example.org
342+192.0.0.122 example.org
343+192.0.0.123 example.org
344+192.0.0.124 example.org
345+192.0.0.125 example.org
346+192.0.0.126 example.org
347+192.0.0.127 example.org
348+192.0.0.128 example.org
349+192.0.0.129 example.org
350+192.0.0.130 example.org
351+192.0.0.131 example.org
352+192.0.0.132 example.org
353+192.0.0.133 example.org
354+192.0.0.134 example.org
355+192.0.0.135 example.org
356+192.0.0.136 example.org
357+192.0.0.137 example.org
358+192.0.0.138 example.org
359+192.0.0.139 example.org
360+192.0.0.140 example.org
361+192.0.0.141 example.org
362+192.0.0.142 example.org
363+192.0.0.143 example.org
364+192.0.0.144 example.org
365+192.0.0.145 example.org
366+192.0.0.146 example.org
367+192.0.0.147 example.org
368+192.0.0.148 example.org
369+192.0.0.149 example.org
370+192.0.0.150 example.org
371+192.0.0.151 example.org
372+192.0.0.152 example.org
373+192.0.0.153 example.org
374+192.0.0.154 example.org
375+192.0.0.155 example.org
376+192.0.0.156 example.org
377+192.0.0.157 example.org
378+192.0.0.158 example.org
379+192.0.0.159 example.org
380+192.0.0.160 example.org
381+192.0.0.161 example.org
382+192.0.0.162 example.org
383+192.0.0.163 example.org
384+192.0.0.164 example.org
385+192.0.0.165 example.org
386+192.0.0.166 example.org
387+192.0.0.167 example.org
388+192.0.0.168 example.org
389+192.0.0.169 example.org
390+192.0.0.170 example.org
391+192.0.0.171 example.org
392+192.0.0.172 example.org
393+192.0.0.173 example.org
394+192.0.0.174 example.org
395+192.0.0.175 example.org
396+192.0.0.176 example.org
397+192.0.0.177 example.org
398+192.0.0.178 example.org
399+192.0.0.179 example.org
400+192.0.0.180 example.org
401+192.0.0.181 example.org
402+192.0.0.182 example.org
403+192.0.0.183 example.org
404+192.0.0.184 example.org
405+192.0.0.185 example.org
406+192.0.0.186 example.org
407+192.0.0.187 example.org
408+192.0.0.188 example.org
409+192.0.0.189 example.org
410+192.0.0.190 example.org
411+192.0.0.191 example.org
412+192.0.0.192 example.org
413+192.0.0.193 example.org
414+192.0.0.194 example.org
415+192.0.0.195 example.org
416+192.0.0.196 example.org
417+192.0.0.197 example.org
418+192.0.0.198 example.org
419+192.0.0.199 example.org
420+192.0.0.200 example.org
421+192.0.0.201 example.org
422+192.0.0.202 example.org
423+192.0.0.203 example.org
424+192.0.0.204 example.org
425+192.0.0.205 example.org
426+192.0.0.206 example.org
427+192.0.0.207 example.org
428+192.0.0.208 example.org
429+192.0.0.209 example.org
430+192.0.0.210 example.org
431+192.0.0.211 example.org
432+192.0.0.212 example.org
433+192.0.0.213 example.org
434+192.0.0.214 example.org
435+192.0.0.215 example.org
436+192.0.0.216 example.org
437+192.0.0.217 example.org
438+192.0.0.218 example.org
439+192.0.0.219 example.org
440+192.0.0.220 example.org
441+192.0.0.221 example.org
442+192.0.0.222 example.org
443+192.0.0.223 example.org
444+192.0.0.224 example.org
445+192.0.0.225 example.org
446+192.0.0.226 example.org
447+192.0.0.227 example.org
448+192.0.0.228 example.org
449+192.0.0.229 example.org
450+192.0.0.230 example.org
451+192.0.0.231 example.org
452+192.0.0.232 example.org
453+192.0.0.233 example.org
454+192.0.0.234 example.org
455+192.0.0.235 example.org
456+192.0.0.236 example.org
457+192.0.0.237 example.org
458+192.0.0.238 example.org
459+192.0.0.239 example.org
460+192.0.0.240 example.org
461+192.0.0.241 example.org
462+192.0.0.242 example.org
463+192.0.0.243 example.org
464+192.0.0.244 example.org
465+192.0.0.245 example.org
466+192.0.0.246 example.org
467+192.0.0.247 example.org
468+192.0.0.248 example.org
469+192.0.0.249 example.org
470+192.0.0.250 example.org
471+192.0.0.251 example.org
472+192.0.0.252 example.org
473+192.0.0.253 example.org
474+192.0.0.254 example.org
475+192.0.1.1 example.org
476+192.0.1.2 example.org
477+192.0.1.3 example.org
478+192.0.1.4 example.org
479+192.0.1.5 example.org
480+192.0.1.6 example.org
481+192.0.1.7 example.org
482+192.0.1.8 example.org
483+192.0.1.9 example.org
484+192.0.1.10 example.org
485+192.0.1.11 example.org
486+192.0.1.12 example.org
487+192.0.1.13 example.org
488+192.0.1.14 example.org
489+192.0.1.15 example.org
490+192.0.1.16 example.org
491+192.0.1.17 example.org
492+192.0.1.18 example.org
493+192.0.1.19 example.org
494+192.0.1.20 example.org
495+192.0.1.21 example.org
496+192.0.1.22 example.org
497+192.0.1.23 example.org
498+192.0.1.24 example.org
499+192.0.1.25 example.org
500+192.0.1.26 example.org
501+192.0.1.27 example.org
502+192.0.1.28 example.org
503+192.0.1.29 example.org
504+192.0.1.30 example.org
505+192.0.1.31 example.org
506+192.0.1.32 example.org
507+192.0.1.33 example.org
508+192.0.1.34 example.org
509+192.0.1.35 example.org
510+192.0.1.36 example.org
511+192.0.1.37 example.org
512+192.0.1.38 example.org
513+192.0.1.39 example.org
514+192.0.1.40 example.org
515+192.0.1.41 example.org
516+192.0.1.42 example.org
517+192.0.1.43 example.org
518+192.0.1.44 example.org
519+192.0.1.45 example.org
520+192.0.1.46 example.org
521+192.0.1.47 example.org
522+192.0.1.48 example.org
523+192.0.1.49 example.org
524+192.0.1.50 example.org
525+192.0.1.51 example.org
526+192.0.1.52 example.org
527+192.0.1.53 example.org
528+192.0.1.54 example.org
529+192.0.1.55 example.org
530+192.0.1.56 example.org
531+192.0.1.57 example.org
532+192.0.1.58 example.org
533+192.0.1.59 example.org
534+192.0.1.60 example.org
535+192.0.1.61 example.org
536+192.0.1.62 example.org
537+192.0.1.63 example.org
538+192.0.1.64 example.org
539+192.0.1.65 example.org
540+192.0.1.66 example.org
541+192.0.1.67 example.org
542+192.0.1.68 example.org
543+192.0.1.69 example.org
544+192.0.1.70 example.org
545+192.0.1.71 example.org
546+192.0.1.72 example.org
547+192.0.1.73 example.org
548+192.0.1.74 example.org
549+192.0.1.75 example.org
550+192.0.1.76 example.org
551+192.0.1.77 example.org
552+192.0.1.78 example.org
553+192.0.1.79 example.org
554+192.0.1.80 example.org
555+192.0.1.81 example.org
556+192.0.1.82 example.org
557+192.0.1.83 example.org
558+192.0.1.84 example.org
559+192.0.1.85 example.org
560+192.0.1.86 example.org
561+192.0.1.87 example.org
562+192.0.1.88 example.org
563+192.0.1.89 example.org
564+192.0.1.90 example.org
565+192.0.1.91 example.org
566+192.0.1.92 example.org
567+192.0.1.93 example.org
568+192.0.1.94 example.org
569+192.0.1.95 example.org
570+192.0.1.96 example.org
571+192.0.1.97 example.org
572+192.0.1.98 example.org
573+192.0.1.99 example.org
574+192.0.1.100 example.org
575+192.0.1.101 example.org
576+192.0.1.102 example.org
577+192.0.1.103 example.org
578+192.0.1.104 example.org
579+192.0.1.105 example.org
580+192.0.1.106 example.org
581+192.0.1.107 example.org
582+192.0.1.108 example.org
583+192.0.1.109 example.org
584+192.0.1.110 example.org
585+192.0.1.111 example.org
586+192.0.1.112 example.org
587+192.0.1.113 example.org
588+192.0.1.114 example.org
589+192.0.1.115 example.org
590+192.0.1.116 example.org
591+192.0.1.117 example.org
592+192.0.1.118 example.org
593+192.0.1.119 example.org
594+192.0.1.120 example.org
595+192.0.1.121 example.org
596+192.0.1.122 example.org
597+192.0.1.123 example.org
598+192.0.1.124 example.org
599+192.0.1.125 example.org
600+192.0.1.126 example.org
601+192.0.1.127 example.org
602+192.0.1.128 example.org
603+192.0.1.129 example.org
604+192.0.1.130 example.org
605+192.0.1.131 example.org
606+192.0.1.132 example.org
607+192.0.1.133 example.org
608+192.0.1.134 example.org
609+192.0.1.135 example.org
610+192.0.1.136 example.org
611+192.0.1.137 example.org
612+192.0.1.138 example.org
613+192.0.1.139 example.org
614+192.0.1.140 example.org
615+192.0.1.141 example.org
616+192.0.1.142 example.org
617+192.0.1.143 example.org
618+192.0.1.144 example.org
619+192.0.1.145 example.org
620+192.0.1.146 example.org
621+192.0.1.147 example.org
622+192.0.1.148 example.org
623+192.0.1.149 example.org
624+192.0.1.150 example.org
625+192.0.1.151 example.org
626+192.0.1.152 example.org
627+192.0.1.153 example.org
628+192.0.1.154 example.org
629+192.0.1.155 example.org
630+192.0.1.156 example.org
631+192.0.1.157 example.org
632+192.0.1.158 example.org
633+192.0.1.159 example.org
634+192.0.1.160 example.org
635+192.0.1.161 example.org
636+192.0.1.162 example.org
637+192.0.1.163 example.org
638+192.0.1.164 example.org
639+192.0.1.165 example.org
640+192.0.1.166 example.org
641+192.0.1.167 example.org
642+192.0.1.168 example.org
643+192.0.1.169 example.org
644+192.0.1.170 example.org
645+192.0.1.171 example.org
646+192.0.1.172 example.org
647+192.0.1.173 example.org
648+192.0.1.174 example.org
649+192.0.1.175 example.org
650+192.0.1.176 example.org
651+192.0.1.177 example.org
652+192.0.1.178 example.org
653+192.0.1.179 example.org
654+192.0.1.180 example.org
655+192.0.1.181 example.org
656+192.0.1.182 example.org
657+192.0.1.183 example.org
658+192.0.1.184 example.org
659+192.0.1.185 example.org
660+192.0.1.186 example.org
661+192.0.1.187 example.org
662+192.0.1.188 example.org
663+192.0.1.189 example.org
664+192.0.1.190 example.org
665+192.0.1.191 example.org
666+192.0.1.192 example.org
667+192.0.1.193 example.org
668+192.0.1.194 example.org
669+192.0.1.195 example.org
670+192.0.1.196 example.org
671+192.0.1.197 example.org
672+192.0.1.198 example.org
673+192.0.1.199 example.org
674+192.0.1.200 example.org
675+192.0.1.201 example.org
676+192.0.1.202 example.org
677+192.0.1.203 example.org
678+192.0.1.204 example.org
679+192.0.1.205 example.org
680+192.0.1.206 example.org
681+192.0.1.207 example.org
682+192.0.1.208 example.org
683+192.0.1.209 example.org
684+192.0.1.210 example.org
685+192.0.1.211 example.org
686+192.0.1.212 example.org
687+192.0.1.213 example.org
688+192.0.1.214 example.org
689+192.0.1.215 example.org
690+192.0.1.216 example.org
691+192.0.1.217 example.org
692+192.0.1.218 example.org
693+192.0.1.219 example.org
694+192.0.1.220 example.org
695+192.0.1.221 example.org
696+192.0.1.222 example.org
697+192.0.1.223 example.org
698+192.0.1.224 example.org
699+192.0.1.225 example.org
700+192.0.1.226 example.org
701+192.0.1.227 example.org
702+192.0.1.228 example.org
703+192.0.1.229 example.org
704+192.0.1.230 example.org
705+192.0.1.231 example.org
706+192.0.1.232 example.org
707+192.0.1.233 example.org
708+192.0.1.234 example.org
709+192.0.1.235 example.org
710+192.0.1.236 example.org
711+192.0.1.237 example.org
712+192.0.1.238 example.org
713+192.0.1.239 example.org
714+192.0.1.240 example.org
715+192.0.1.241 example.org
716+192.0.1.242 example.org
717+192.0.1.243 example.org
718+192.0.1.244 example.org
719+192.0.1.245 example.org
720+192.0.1.246 example.org
721+192.0.1.247 example.org
722+192.0.1.248 example.org
723+192.0.1.249 example.org
724+192.0.1.250 example.org
725+192.0.1.251 example.org
726+192.0.1.252 example.org
727+192.0.1.253 example.org
728+192.0.1.254 example.org
729diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
730index 18dccd5924..3d9bea60c6 100644
731--- a/sysdeps/posix/getaddrinfo.c
732+++ b/sysdeps/posix/getaddrinfo.c
733@@ -458,11 +458,6 @@ gaih_inet (const char *name, const struct gaih_service *service,
734
735 if (name != NULL)
736 {
737- at = alloca_account (sizeof (struct gaih_addrtuple), alloca_used);
738- at->family = AF_UNSPEC;
739- at->scopeid = 0;
740- at->next = NULL;
741-
742 if (req->ai_flags & AI_IDN)
743 {
744 char *out;
745@@ -473,13 +468,21 @@ gaih_inet (const char *name, const struct gaih_service *service,
746 malloc_name = true;
747 }
748
749- if (__inet_aton_exact (name, (struct in_addr *) at->addr) != 0)
750+ uint32_t addr[4];
751+ if (__inet_aton_exact (name, (struct in_addr *) addr) != 0)
752 {
753+ at = alloca_account (sizeof (struct gaih_addrtuple), alloca_used);
754+ at->scopeid = 0;
755+ at->next = NULL;
756+
757 if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET)
758- at->family = AF_INET;
759+ {
760+ memcpy (at->addr, addr, sizeof (at->addr));
761+ at->family = AF_INET;
762+ }
763 else if (req->ai_family == AF_INET6 && (req->ai_flags & AI_V4MAPPED))
764 {
765- at->addr[3] = at->addr[0];
766+ at->addr[3] = addr[0];
767 at->addr[2] = htonl (0xffff);
768 at->addr[1] = 0;
769 at->addr[0] = 0;
770@@ -505,49 +505,62 @@
771
772 if (req->ai_flags & AI_CANONNAME)
773 canon = name;
774+
775+ goto process_list;
776 }
777- else if (at->family == AF_UNSPEC)
778+
779+ char *scope_delim = strchr (name, SCOPE_DELIMITER);
780+ int e;
781+
782+ if (scope_delim == NULL)
783+ e = inet_pton (AF_INET6, name, addr);
784+ else
785+ e = __inet_pton_length (AF_INET6, name, scope_delim - name, addr);
786+
787+ if (e > 0)
788 {
789- char *scope_delim = strchr (name, SCOPE_DELIMITER);
790- int e;
791- if (scope_delim == NULL)
792- e = inet_pton (AF_INET6, name, at->addr);
793+ at = alloca_account (sizeof (struct gaih_addrtuple),
794+ alloca_used);
795+ at->scopeid = 0;
796+ at->next = NULL;
797+
798+ if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET6)
799+ {
800+ memcpy (at->addr, addr, sizeof (at->addr));
801+ at->family = AF_INET6;
802+ }
803+ else if (req->ai_family == AF_INET
804+ && IN6_IS_ADDR_V4MAPPED (addr))
805+ {
806+ at->addr[0] = addr[3];
807+ at->addr[1] = addr[1];
808+ at->addr[2] = addr[2];
809+ at->addr[3] = addr[3];
810+ at->family = AF_INET;
811+ }
812 else
813- e = __inet_pton_length (AF_INET6, name, scope_delim - name,
814- at->addr);
815- if (e > 0)
816 {
817- if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET6)
818- at->family = AF_INET6;
819- else if (req->ai_family == AF_INET
820- && IN6_IS_ADDR_V4MAPPED (at->addr))
821- {
822- at->addr[0] = at->addr[3];
823- at->family = AF_INET;
824- }
825- else
826- {
827- result = -EAI_ADDRFAMILY;
828- goto free_and_return;
829- }
830-
831- if (scope_delim != NULL
832- && __inet6_scopeid_pton ((struct in6_addr *) at->addr,
833- scope_delim + 1,
834- &at->scopeid) != 0)
835- {
836- result = -EAI_NONAME;
837- goto free_and_return;
838- }
839+ result = -EAI_ADDRFAMILY;
840+ goto free_and_return;
841+ }
842
843- if (req->ai_flags & AI_CANONNAME)
844- canon = name;
845+ if (scope_delim != NULL
846+ && __inet6_scopeid_pton ((struct in6_addr *) at->addr,
847+ scope_delim + 1,
848+ &at->scopeid) != 0)
849+ {
850+ result = -EAI_NONAME;
851+ goto free_and_return;
852 }
853+
854+ if (req->ai_flags & AI_CANONNAME)
855+ canon = name;
856+
857+ goto process_list;
858 }
859
860- if (at->family == AF_UNSPEC && (req->ai_flags & AI_NUMERICHOST) == 0)
861+ if ((req->ai_flags & AI_NUMERICHOST) == 0)
862 {
863- struct gaih_addrtuple **pat = &at;
864 int no_data = 0;
865 int no_inet6_data = 0;
866 service_user *nip;
867@@ -543,6 +559,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
868 enum nss_status status = NSS_STATUS_UNAVAIL;
869 int no_more;
870 struct resolv_context *res_ctx = NULL;
871+ bool do_merge = false;
872
873 /* If we do not have to look for IPv6 addresses or the canonical
874 name, use the simple, old functions, which do not support
875@@ -579,7 +596,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
876 result = -EAI_MEMORY;
877 goto free_and_return;
878 }
879- *pat = addrmem;
880+ at = addrmem;
881 }
882 else
883 {
884@@ -632,6 +649,8 @@ gaih_inet (const char *name, const struct gaih_service *service,
885 }
886
887 struct gaih_addrtuple *addrfree = addrmem;
888+ struct gaih_addrtuple **pat = &at;
889+
890 for (int i = 0; i < air->naddrs; ++i)
891 {
892 socklen_t size = (air->family[i] == AF_INET
893@@ -695,12 +714,6 @@ gaih_inet (const char *name, const struct gaih_service *service,
894
895 free (air);
896
897- if (at->family == AF_UNSPEC)
898- {
899- result = -EAI_NONAME;
900- goto free_and_return;
901- }
902-
903 goto process_list;
904 }
905 else if (err == 0)
906@@ -750,6 +763,22 @@
907
908 while (!no_more)
909 {
910+ /* Always start afresh; continue should discard previous results
911+ and the hosts database does not support merge. */
912+ at = NULL;
913+ free (canonbuf);
914+ free (addrmem);
915+ canon = canonbuf = NULL;
916+ addrmem = NULL;
917+ got_ipv6 = false;
918+
919+ if (do_merge)
920+ {
921+ __set_h_errno (NETDB_INTERNAL);
922+ __set_errno (EBUSY);
923+ break;
924+ }
925+
926 no_data = 0;
927 nss_gethostbyname4_r fct4 = NULL;
928
929@@ -744,12 +773,14 @@ gaih_inet (const char *name, const struct gaih_service *service,
930 {
931 while (1)
932 {
933- status = DL_CALL_FCT (fct4, (name, pat,
934+ status = DL_CALL_FCT (fct4, (name, &at,
935 tmpbuf->data, tmpbuf->length,
936 &errno, &h_errno,
937 NULL));
938 if (status == NSS_STATUS_SUCCESS)
939 break;
940+ /* gethostbyname4_r may write into AT, so reset it. */
941+ at = NULL;
942 if (status != NSS_STATUS_TRYAGAIN
943 || errno != ERANGE || h_errno != NETDB_INTERNAL)
944 {
945@@ -774,7 +805,9 @@ gaih_inet (const char *name, const struct gaih_service *service,
946 no_data = 1;
947
948 if ((req->ai_flags & AI_CANONNAME) != 0 && canon == NULL)
949- canon = (*pat)->name;
950+ canon = at->name;
951+
952+ struct gaih_addrtuple **pat = &at;
953
954 while (*pat != NULL)
955 {
956@@ -826,6 +859,8 @@ gaih_inet (const char *name, const struct gaih_service *service,
957
958 if (fct != NULL)
959 {
960+ struct gaih_addrtuple **pat = &at;
961+
962 if (req->ai_family == AF_INET6
963 || req->ai_family == AF_UNSPEC)
964 {
965@@ -917,6 +946,10 @@
966 if (nss_next_action (nip, status) == NSS_ACTION_RETURN)
967 break;
968
969+ /* The hosts database does not support MERGE. */
970+ if (nss_next_action (nip, status) == NSS_ACTION_MERGE)
971+ do_merge = true;
972+
973 if (nip->next == NULL)
974 no_more = -1;
975 else
976@@ -930,7 +969,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
977 }
978
979 process_list:
980- if (at->family == AF_UNSPEC)
981+ if (at == NULL)
982 {
983 result = -EAI_NONAME;
984 goto free_and_return;
985--
9862.39.3
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 8298088323..296c892994 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -88,6 +88,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
88 file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \ 88 file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
89 file://CVE-2023-0687.patch \ 89 file://CVE-2023-0687.patch \
90 file://CVE-2023-4911.patch \ 90 file://CVE-2023-4911.patch \
91 file://CVE-2023-4813.patch \
91 " 92 "
92S = "${WORKDIR}/git" 93S = "${WORKDIR}/git"
93B = "${WORKDIR}/build-${TARGET_SYS}" 94B = "${WORKDIR}/build-${TARGET_SYS}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-06 01:06:47 +0000