diff options
author | Bhabu Bindu <bhabu.bindu@kpit.com> | 2023-12-13 16:45:08 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-21 05:17:55 -1000 |
commit | 43fa25ea6fd7c783aabdfe4cbc71b2eb3666b195 (patch) | |
tree | 2b51bee840af2d3c7ecc3e2c629e4c3acc125076 | |
parent | f56b09922526c47c1f17c67059bb6b838d105158 (diff) | |
download | poky-43fa25ea6fd7c783aabdfe4cbc71b2eb3666b195.tar.gz |
glibc: Fix CVE-2023-4813
Add patch to fix CVE-2023-4813
Link: https://security-tracker.debian.org/tracker/CVE-2023-4813
(From OE-Core rev: d735b2a94091f9a4a91917c73bd73d9ce4a31e3e)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Poonam Jadhav <ppjadhav456@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2023-4813.patch | 986 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.31.bb | 1 |
2 files changed, 987 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-4813.patch b/meta/recipes-core/glibc/glibc/CVE-2023-4813.patch new file mode 100644 index 0000000000..c7db4038c2 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2023-4813.patch | |||
@@ -0,0 +1,986 @@ | |||
1 | From 1c37b8022e8763fedbb3f79c02e05c6acfe5a215 Mon Sep 17 00:00:00 2001 | ||
2 | From: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
3 | Date: Thu, 17 Mar 2022 11:44:34 +0530 | ||
4 | Subject: [PATCH] Simplify allocations and fix merge and continue actions [BZ | ||
5 | #28931] | ||
6 | |||
7 | Allocations for address tuples is currently a bit confusing because of | ||
8 | the pointer chasing through PAT, making it hard to observe the sequence | ||
9 | in which allocations have been made. Narrow scope of the pointer | ||
10 | chasing through PAT so that it is only used where necessary. | ||
11 | |||
12 | This also tightens actions behaviour with the hosts database in | ||
13 | getaddrinfo to comply with the manual text. The "continue" action | ||
14 | discards previous results and the "merge" action results in an immedate | ||
15 | lookup failure. Consequently, chaining of allocations across modules is | ||
16 | no longer necessary, thus opening up cleanup opportunities. | ||
17 | |||
18 | A test has been added that checks some combinations to ensure that they | ||
19 | work correctly. | ||
20 | |||
21 | Resolves: BZ #28931 | ||
22 | |||
23 | CVE: CVE-2023-4813 | ||
24 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215] | ||
25 | Comments: Hunks refreshed | ||
26 | |||
27 | Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
28 | Reviewed-by: DJ Delorie <dj@redhat.com> | ||
29 | Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> | ||
30 | --- | ||
31 | nss/Makefile | 1 + | ||
32 | nss/tst-nss-gai-actions.c | 149 ++++++ | ||
33 | nss/tst-nss-gai-actions.root/etc/host.conf | 1 + | ||
34 | nss/tst-nss-gai-actions.root/etc/hosts | 508 +++++++++++++++++++++ | ||
35 | sysdeps/posix/getaddrinfo.c | 143 +++--- | ||
36 | 5 files changed, 750 insertions(+), 52 deletions(-) | ||
37 | create mode 100644 nss/tst-nss-gai-actions.c | ||
38 | create mode 100644 nss/tst-nss-gai-actions.root/etc/host.conf | ||
39 | create mode 100644 nss/tst-nss-gai-actions.root/etc/hosts | ||
40 | |||
41 | diff --git a/nss/Makefile b/nss/Makefile | ||
42 | index 42a59535cb..d8b06b44fb 100644 | ||
43 | --- a/nss/Makefile | ||
44 | +++ b/nss/Makefile | ||
45 | @@ -61,6 +61,7 @@ | ||
46 | |||
47 | tests-container = \ | ||
48 | tst-nss-test3 \ | ||
49 | + tst-nss-gai-actions \ | ||
50 | tst-nss-files-hosts-long \ | ||
51 | tst-nss-db-endpwent \ | ||
52 | tst-nss-db-endgrent | ||
53 | diff --git a/nss/tst-nss-gai-actions.c b/nss/tst-nss-gai-actions.c | ||
54 | new file mode 100644 | ||
55 | index 0000000000..efca6cd183 | ||
56 | --- /dev/null | ||
57 | +++ b/nss/tst-nss-gai-actions.c | ||
58 | @@ -0,0 +1,149 @@ | ||
59 | +/* Test continue and merge NSS actions for getaddrinfo. | ||
60 | + Copyright The GNU Toolchain Authors. | ||
61 | + This file is part of the GNU C Library. | ||
62 | + | ||
63 | + The GNU C Library is free software; you can redistribute it and/or | ||
64 | + modify it under the terms of the GNU Lesser General Public | ||
65 | + License as published by the Free Software Foundation; either | ||
66 | + version 2.1 of the License, or (at your option) any later version. | ||
67 | + | ||
68 | + The GNU C Library is distributed in the hope that it will be useful, | ||
69 | + but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
70 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
71 | + Lesser General Public License for more details. | ||
72 | + | ||
73 | + You should have received a copy of the GNU Lesser General Public | ||
74 | + License along with the GNU C Library; if not, see | ||
75 | + <https://www.gnu.org/licenses/>. */ | ||
76 | + | ||
77 | +#include <dlfcn.h> | ||
78 | +#include <gnu/lib-names.h> | ||
79 | +#include <nss.h> | ||
80 | +#include <stdio.h> | ||
81 | +#include <stdlib.h> | ||
82 | +#include <string.h> | ||
83 | + | ||
84 | +#include <support/check.h> | ||
85 | +#include <support/format_nss.h> | ||
86 | +#include <support/support.h> | ||
87 | +#include <support/xstdio.h> | ||
88 | +#include <support/xunistd.h> | ||
89 | + | ||
90 | +enum | ||
91 | +{ | ||
92 | + ACTION_MERGE = 0, | ||
93 | + ACTION_CONTINUE, | ||
94 | +}; | ||
95 | + | ||
96 | +static const char * | ||
97 | +family_str (int family) | ||
98 | +{ | ||
99 | + switch (family) | ||
100 | + { | ||
101 | + case AF_UNSPEC: | ||
102 | + return "AF_UNSPEC"; | ||
103 | + case AF_INET: | ||
104 | + return "AF_INET"; | ||
105 | + default: | ||
106 | + __builtin_unreachable (); | ||
107 | + } | ||
108 | +} | ||
109 | + | ||
110 | +static const char * | ||
111 | +action_str (int action) | ||
112 | +{ | ||
113 | + switch (action) | ||
114 | + { | ||
115 | + case ACTION_MERGE: | ||
116 | + return "merge"; | ||
117 | + case ACTION_CONTINUE: | ||
118 | + return "continue"; | ||
119 | + default: | ||
120 | + __builtin_unreachable (); | ||
121 | + } | ||
122 | +} | ||
123 | + | ||
124 | +static void | ||
125 | +do_one_test (int action, int family, bool canon) | ||
126 | +{ | ||
127 | + struct addrinfo hints = | ||
128 | + { | ||
129 | + .ai_family = family, | ||
130 | + }; | ||
131 | + | ||
132 | + struct addrinfo *ai; | ||
133 | + | ||
134 | + if (canon) | ||
135 | + hints.ai_flags = AI_CANONNAME; | ||
136 | + | ||
137 | + printf ("***** Testing \"files [SUCCESS=%s] files\" for family %s, %s\n", | ||
138 | + action_str (action), family_str (family), | ||
139 | + canon ? "AI_CANONNAME" : ""); | ||
140 | + | ||
141 | + int ret = getaddrinfo ("example.org", "80", &hints, &ai); | ||
142 | + | ||
143 | + switch (action) | ||
144 | + { | ||
145 | + case ACTION_MERGE: | ||
146 | + if (ret == 0) | ||
147 | + { | ||
148 | + char *formatted = support_format_addrinfo (ai, ret); | ||
149 | + | ||
150 | + printf ("merge unexpectedly succeeded:\n %s\n", formatted); | ||
151 | + support_record_failure (); | ||
152 | + free (formatted); | ||
153 | + } | ||
154 | + else | ||
155 | + return; | ||
156 | + case ACTION_CONTINUE: | ||
157 | + { | ||
158 | + char *formatted = support_format_addrinfo (ai, ret); | ||
159 | + | ||
160 | + /* Verify that the result appears exactly once. */ | ||
161 | + const char *expected = "address: STREAM/TCP 192.0.0.1 80\n" | ||
162 | + "address: DGRAM/UDP 192.0.0.1 80\n" | ||
163 | + "address: RAW/IP 192.0.0.1 80\n"; | ||
164 | + | ||
165 | + const char *contains = strstr (formatted, expected); | ||
166 | + const char *contains2 = NULL; | ||
167 | + | ||
168 | + if (contains != NULL) | ||
169 | + contains2 = strstr (contains + strlen (expected), expected); | ||
170 | + | ||
171 | + if (contains == NULL || contains2 != NULL) | ||
172 | + { | ||
173 | + printf ("continue failed:\n%s\n", formatted); | ||
174 | + support_record_failure (); | ||
175 | + } | ||
176 | + | ||
177 | + free (formatted); | ||
178 | + break; | ||
179 | + } | ||
180 | + default: | ||
181 | + __builtin_unreachable (); | ||
182 | + } | ||
183 | +} | ||
184 | + | ||
185 | +static void | ||
186 | +do_one_test_set (int action) | ||
187 | +{ | ||
188 | + char buf[32]; | ||
189 | + | ||
190 | + snprintf (buf, sizeof (buf), "files [SUCCESS=%s] files", | ||
191 | + action_str (action)); | ||
192 | + __nss_configure_lookup ("hosts", buf); | ||
193 | + | ||
194 | + do_one_test (action, AF_UNSPEC, false); | ||
195 | + do_one_test (action, AF_INET, false); | ||
196 | + do_one_test (action, AF_INET, true); | ||
197 | +} | ||
198 | + | ||
199 | +static int | ||
200 | +do_test (void) | ||
201 | +{ | ||
202 | + do_one_test_set (ACTION_CONTINUE); | ||
203 | + do_one_test_set (ACTION_MERGE); | ||
204 | + return 0; | ||
205 | +} | ||
206 | + | ||
207 | +#include <support/test-driver.c> | ||
208 | diff --git a/nss/tst-nss-gai-actions.root/etc/host.conf b/nss/tst-nss-gai-actions.root/etc/host.conf | ||
209 | new file mode 100644 | ||
210 | index 0000000000..d1a59f73a9 | ||
211 | --- /dev/null | ||
212 | +++ b/nss/tst-nss-gai-actions.root/etc/host.conf | ||
213 | @@ -0,0 +1 @@ | ||
214 | +multi on | ||
215 | diff --git a/nss/tst-nss-gai-actions.root/etc/hosts b/nss/tst-nss-gai-actions.root/etc/hosts | ||
216 | new file mode 100644 | ||
217 | index 0000000000..50ce9774dc | ||
218 | --- /dev/null | ||
219 | +++ b/nss/tst-nss-gai-actions.root/etc/hosts | ||
220 | @@ -0,0 +1,508 @@ | ||
221 | +192.0.0.1 example.org | ||
222 | +192.0.0.2 example.org | ||
223 | +192.0.0.3 example.org | ||
224 | +192.0.0.4 example.org | ||
225 | +192.0.0.5 example.org | ||
226 | +192.0.0.6 example.org | ||
227 | +192.0.0.7 example.org | ||
228 | +192.0.0.8 example.org | ||
229 | +192.0.0.9 example.org | ||
230 | +192.0.0.10 example.org | ||
231 | +192.0.0.11 example.org | ||
232 | +192.0.0.12 example.org | ||
233 | +192.0.0.13 example.org | ||
234 | +192.0.0.14 example.org | ||
235 | +192.0.0.15 example.org | ||
236 | +192.0.0.16 example.org | ||
237 | +192.0.0.17 example.org | ||
238 | +192.0.0.18 example.org | ||
239 | +192.0.0.19 example.org | ||
240 | +192.0.0.20 example.org | ||
241 | +192.0.0.21 example.org | ||
242 | +192.0.0.22 example.org | ||
243 | +192.0.0.23 example.org | ||
244 | +192.0.0.24 example.org | ||
245 | +192.0.0.25 example.org | ||
246 | +192.0.0.26 example.org | ||
247 | +192.0.0.27 example.org | ||
248 | +192.0.0.28 example.org | ||
249 | +192.0.0.29 example.org | ||
250 | +192.0.0.30 example.org | ||
251 | +192.0.0.31 example.org | ||
252 | +192.0.0.32 example.org | ||
253 | +192.0.0.33 example.org | ||
254 | +192.0.0.34 example.org | ||
255 | +192.0.0.35 example.org | ||
256 | +192.0.0.36 example.org | ||
257 | +192.0.0.37 example.org | ||
258 | +192.0.0.38 example.org | ||
259 | +192.0.0.39 example.org | ||
260 | +192.0.0.40 example.org | ||
261 | +192.0.0.41 example.org | ||
262 | +192.0.0.42 example.org | ||
263 | +192.0.0.43 example.org | ||
264 | +192.0.0.44 example.org | ||
265 | +192.0.0.45 example.org | ||
266 | +192.0.0.46 example.org | ||
267 | +192.0.0.47 example.org | ||
268 | +192.0.0.48 example.org | ||
269 | +192.0.0.49 example.org | ||
270 | +192.0.0.50 example.org | ||
271 | +192.0.0.51 example.org | ||
272 | +192.0.0.52 example.org | ||
273 | +192.0.0.53 example.org | ||
274 | +192.0.0.54 example.org | ||
275 | +192.0.0.55 example.org | ||
276 | +192.0.0.56 example.org | ||
277 | +192.0.0.57 example.org | ||
278 | +192.0.0.58 example.org | ||
279 | +192.0.0.59 example.org | ||
280 | +192.0.0.60 example.org | ||
281 | +192.0.0.61 example.org | ||
282 | +192.0.0.62 example.org | ||
283 | +192.0.0.63 example.org | ||
284 | +192.0.0.64 example.org | ||
285 | +192.0.0.65 example.org | ||
286 | +192.0.0.66 example.org | ||
287 | +192.0.0.67 example.org | ||
288 | +192.0.0.68 example.org | ||
289 | +192.0.0.69 example.org | ||
290 | +192.0.0.70 example.org | ||
291 | +192.0.0.71 example.org | ||
292 | +192.0.0.72 example.org | ||
293 | +192.0.0.73 example.org | ||
294 | +192.0.0.74 example.org | ||
295 | +192.0.0.75 example.org | ||
296 | +192.0.0.76 example.org | ||
297 | +192.0.0.77 example.org | ||
298 | +192.0.0.78 example.org | ||
299 | +192.0.0.79 example.org | ||
300 | +192.0.0.80 example.org | ||
301 | +192.0.0.81 example.org | ||
302 | +192.0.0.82 example.org | ||
303 | +192.0.0.83 example.org | ||
304 | +192.0.0.84 example.org | ||
305 | +192.0.0.85 example.org | ||
306 | +192.0.0.86 example.org | ||
307 | +192.0.0.87 example.org | ||
308 | +192.0.0.88 example.org | ||
309 | +192.0.0.89 example.org | ||
310 | +192.0.0.90 example.org | ||
311 | +192.0.0.91 example.org | ||
312 | +192.0.0.92 example.org | ||
313 | +192.0.0.93 example.org | ||
314 | +192.0.0.94 example.org | ||
315 | +192.0.0.95 example.org | ||
316 | +192.0.0.96 example.org | ||
317 | +192.0.0.97 example.org | ||
318 | +192.0.0.98 example.org | ||
319 | +192.0.0.99 example.org | ||
320 | +192.0.0.100 example.org | ||
321 | +192.0.0.101 example.org | ||
322 | +192.0.0.102 example.org | ||
323 | +192.0.0.103 example.org | ||
324 | +192.0.0.104 example.org | ||
325 | +192.0.0.105 example.org | ||
326 | +192.0.0.106 example.org | ||
327 | +192.0.0.107 example.org | ||
328 | +192.0.0.108 example.org | ||
329 | +192.0.0.109 example.org | ||
330 | +192.0.0.110 example.org | ||
331 | +192.0.0.111 example.org | ||
332 | +192.0.0.112 example.org | ||
333 | +192.0.0.113 example.org | ||
334 | +192.0.0.114 example.org | ||
335 | +192.0.0.115 example.org | ||
336 | +192.0.0.116 example.org | ||
337 | +192.0.0.117 example.org | ||
338 | +192.0.0.118 example.org | ||
339 | +192.0.0.119 example.org | ||
340 | +192.0.0.120 example.org | ||
341 | +192.0.0.121 example.org | ||
342 | +192.0.0.122 example.org | ||
343 | +192.0.0.123 example.org | ||
344 | +192.0.0.124 example.org | ||
345 | +192.0.0.125 example.org | ||
346 | +192.0.0.126 example.org | ||
347 | +192.0.0.127 example.org | ||
348 | +192.0.0.128 example.org | ||
349 | +192.0.0.129 example.org | ||
350 | +192.0.0.130 example.org | ||
351 | +192.0.0.131 example.org | ||
352 | +192.0.0.132 example.org | ||
353 | +192.0.0.133 example.org | ||
354 | +192.0.0.134 example.org | ||
355 | +192.0.0.135 example.org | ||
356 | +192.0.0.136 example.org | ||
357 | +192.0.0.137 example.org | ||
358 | +192.0.0.138 example.org | ||
359 | +192.0.0.139 example.org | ||
360 | +192.0.0.140 example.org | ||
361 | +192.0.0.141 example.org | ||
362 | +192.0.0.142 example.org | ||
363 | +192.0.0.143 example.org | ||
364 | +192.0.0.144 example.org | ||
365 | +192.0.0.145 example.org | ||
366 | +192.0.0.146 example.org | ||
367 | +192.0.0.147 example.org | ||
368 | +192.0.0.148 example.org | ||
369 | +192.0.0.149 example.org | ||
370 | +192.0.0.150 example.org | ||
371 | +192.0.0.151 example.org | ||
372 | +192.0.0.152 example.org | ||
373 | +192.0.0.153 example.org | ||
374 | +192.0.0.154 example.org | ||
375 | +192.0.0.155 example.org | ||
376 | +192.0.0.156 example.org | ||
377 | +192.0.0.157 example.org | ||
378 | +192.0.0.158 example.org | ||
379 | +192.0.0.159 example.org | ||
380 | +192.0.0.160 example.org | ||
381 | +192.0.0.161 example.org | ||
382 | +192.0.0.162 example.org | ||
383 | +192.0.0.163 example.org | ||
384 | +192.0.0.164 example.org | ||
385 | +192.0.0.165 example.org | ||
386 | +192.0.0.166 example.org | ||
387 | +192.0.0.167 example.org | ||
388 | +192.0.0.168 example.org | ||
389 | +192.0.0.169 example.org | ||
390 | +192.0.0.170 example.org | ||
391 | +192.0.0.171 example.org | ||
392 | +192.0.0.172 example.org | ||
393 | +192.0.0.173 example.org | ||
394 | +192.0.0.174 example.org | ||
395 | +192.0.0.175 example.org | ||
396 | +192.0.0.176 example.org | ||
397 | +192.0.0.177 example.org | ||
398 | +192.0.0.178 example.org | ||
399 | +192.0.0.179 example.org | ||
400 | +192.0.0.180 example.org | ||
401 | +192.0.0.181 example.org | ||
402 | +192.0.0.182 example.org | ||
403 | +192.0.0.183 example.org | ||
404 | +192.0.0.184 example.org | ||
405 | +192.0.0.185 example.org | ||
406 | +192.0.0.186 example.org | ||
407 | +192.0.0.187 example.org | ||
408 | +192.0.0.188 example.org | ||
409 | +192.0.0.189 example.org | ||
410 | +192.0.0.190 example.org | ||
411 | +192.0.0.191 example.org | ||
412 | +192.0.0.192 example.org | ||
413 | +192.0.0.193 example.org | ||
414 | +192.0.0.194 example.org | ||
415 | +192.0.0.195 example.org | ||
416 | +192.0.0.196 example.org | ||
417 | +192.0.0.197 example.org | ||
418 | +192.0.0.198 example.org | ||
419 | +192.0.0.199 example.org | ||
420 | +192.0.0.200 example.org | ||
421 | +192.0.0.201 example.org | ||
422 | +192.0.0.202 example.org | ||
423 | +192.0.0.203 example.org | ||
424 | +192.0.0.204 example.org | ||
425 | +192.0.0.205 example.org | ||
426 | +192.0.0.206 example.org | ||
427 | +192.0.0.207 example.org | ||
428 | +192.0.0.208 example.org | ||
429 | +192.0.0.209 example.org | ||
430 | +192.0.0.210 example.org | ||
431 | +192.0.0.211 example.org | ||
432 | +192.0.0.212 example.org | ||
433 | +192.0.0.213 example.org | ||
434 | +192.0.0.214 example.org | ||
435 | +192.0.0.215 example.org | ||
436 | +192.0.0.216 example.org | ||
437 | +192.0.0.217 example.org | ||
438 | +192.0.0.218 example.org | ||
439 | +192.0.0.219 example.org | ||
440 | +192.0.0.220 example.org | ||
441 | +192.0.0.221 example.org | ||
442 | +192.0.0.222 example.org | ||
443 | +192.0.0.223 example.org | ||
444 | +192.0.0.224 example.org | ||
445 | +192.0.0.225 example.org | ||
446 | +192.0.0.226 example.org | ||
447 | +192.0.0.227 example.org | ||
448 | +192.0.0.228 example.org | ||
449 | +192.0.0.229 example.org | ||
450 | +192.0.0.230 example.org | ||
451 | +192.0.0.231 example.org | ||
452 | +192.0.0.232 example.org | ||
453 | +192.0.0.233 example.org | ||
454 | +192.0.0.234 example.org | ||
455 | +192.0.0.235 example.org | ||
456 | +192.0.0.236 example.org | ||
457 | +192.0.0.237 example.org | ||
458 | +192.0.0.238 example.org | ||
459 | +192.0.0.239 example.org | ||
460 | +192.0.0.240 example.org | ||
461 | +192.0.0.241 example.org | ||
462 | +192.0.0.242 example.org | ||
463 | +192.0.0.243 example.org | ||
464 | +192.0.0.244 example.org | ||
465 | +192.0.0.245 example.org | ||
466 | +192.0.0.246 example.org | ||
467 | +192.0.0.247 example.org | ||
468 | +192.0.0.248 example.org | ||
469 | +192.0.0.249 example.org | ||
470 | +192.0.0.250 example.org | ||
471 | +192.0.0.251 example.org | ||
472 | +192.0.0.252 example.org | ||
473 | +192.0.0.253 example.org | ||
474 | +192.0.0.254 example.org | ||
475 | +192.0.1.1 example.org | ||
476 | +192.0.1.2 example.org | ||
477 | +192.0.1.3 example.org | ||
478 | +192.0.1.4 example.org | ||
479 | +192.0.1.5 example.org | ||
480 | +192.0.1.6 example.org | ||
481 | +192.0.1.7 example.org | ||
482 | +192.0.1.8 example.org | ||
483 | +192.0.1.9 example.org | ||
484 | +192.0.1.10 example.org | ||
485 | +192.0.1.11 example.org | ||
486 | +192.0.1.12 example.org | ||
487 | +192.0.1.13 example.org | ||
488 | +192.0.1.14 example.org | ||
489 | +192.0.1.15 example.org | ||
490 | +192.0.1.16 example.org | ||
491 | +192.0.1.17 example.org | ||
492 | +192.0.1.18 example.org | ||
493 | +192.0.1.19 example.org | ||
494 | +192.0.1.20 example.org | ||
495 | +192.0.1.21 example.org | ||
496 | +192.0.1.22 example.org | ||
497 | +192.0.1.23 example.org | ||
498 | +192.0.1.24 example.org | ||
499 | +192.0.1.25 example.org | ||
500 | +192.0.1.26 example.org | ||
501 | +192.0.1.27 example.org | ||
502 | +192.0.1.28 example.org | ||
503 | +192.0.1.29 example.org | ||
504 | +192.0.1.30 example.org | ||
505 | +192.0.1.31 example.org | ||
506 | +192.0.1.32 example.org | ||
507 | +192.0.1.33 example.org | ||
508 | +192.0.1.34 example.org | ||
509 | +192.0.1.35 example.org | ||
510 | +192.0.1.36 example.org | ||
511 | +192.0.1.37 example.org | ||
512 | +192.0.1.38 example.org | ||
513 | +192.0.1.39 example.org | ||
514 | +192.0.1.40 example.org | ||
515 | +192.0.1.41 example.org | ||
516 | +192.0.1.42 example.org | ||
517 | +192.0.1.43 example.org | ||
518 | +192.0.1.44 example.org | ||
519 | +192.0.1.45 example.org | ||
520 | +192.0.1.46 example.org | ||
521 | +192.0.1.47 example.org | ||
522 | +192.0.1.48 example.org | ||
523 | +192.0.1.49 example.org | ||
524 | +192.0.1.50 example.org | ||
525 | +192.0.1.51 example.org | ||
526 | +192.0.1.52 example.org | ||
527 | +192.0.1.53 example.org | ||
528 | +192.0.1.54 example.org | ||
529 | +192.0.1.55 example.org | ||
530 | +192.0.1.56 example.org | ||
531 | +192.0.1.57 example.org | ||
532 | +192.0.1.58 example.org | ||
533 | +192.0.1.59 example.org | ||
534 | +192.0.1.60 example.org | ||
535 | +192.0.1.61 example.org | ||
536 | +192.0.1.62 example.org | ||
537 | +192.0.1.63 example.org | ||
538 | +192.0.1.64 example.org | ||
539 | +192.0.1.65 example.org | ||
540 | +192.0.1.66 example.org | ||
541 | +192.0.1.67 example.org | ||
542 | +192.0.1.68 example.org | ||
543 | +192.0.1.69 example.org | ||
544 | +192.0.1.70 example.org | ||
545 | +192.0.1.71 example.org | ||
546 | +192.0.1.72 example.org | ||
547 | +192.0.1.73 example.org | ||
548 | +192.0.1.74 example.org | ||
549 | +192.0.1.75 example.org | ||
550 | +192.0.1.76 example.org | ||
551 | +192.0.1.77 example.org | ||
552 | +192.0.1.78 example.org | ||
553 | +192.0.1.79 example.org | ||
554 | +192.0.1.80 example.org | ||
555 | +192.0.1.81 example.org | ||
556 | +192.0.1.82 example.org | ||
557 | +192.0.1.83 example.org | ||
558 | +192.0.1.84 example.org | ||
559 | +192.0.1.85 example.org | ||
560 | +192.0.1.86 example.org | ||
561 | +192.0.1.87 example.org | ||
562 | +192.0.1.88 example.org | ||
563 | +192.0.1.89 example.org | ||
564 | +192.0.1.90 example.org | ||
565 | +192.0.1.91 example.org | ||
566 | +192.0.1.92 example.org | ||
567 | +192.0.1.93 example.org | ||
568 | +192.0.1.94 example.org | ||
569 | +192.0.1.95 example.org | ||
570 | +192.0.1.96 example.org | ||
571 | +192.0.1.97 example.org | ||
572 | +192.0.1.98 example.org | ||
573 | +192.0.1.99 example.org | ||
574 | +192.0.1.100 example.org | ||
575 | +192.0.1.101 example.org | ||
576 | +192.0.1.102 example.org | ||
577 | +192.0.1.103 example.org | ||
578 | +192.0.1.104 example.org | ||
579 | +192.0.1.105 example.org | ||
580 | +192.0.1.106 example.org | ||
581 | +192.0.1.107 example.org | ||
582 | +192.0.1.108 example.org | ||
583 | +192.0.1.109 example.org | ||
584 | +192.0.1.110 example.org | ||
585 | +192.0.1.111 example.org | ||
586 | +192.0.1.112 example.org | ||
587 | +192.0.1.113 example.org | ||
588 | +192.0.1.114 example.org | ||
589 | +192.0.1.115 example.org | ||
590 | +192.0.1.116 example.org | ||
591 | +192.0.1.117 example.org | ||
592 | +192.0.1.118 example.org | ||
593 | +192.0.1.119 example.org | ||
594 | +192.0.1.120 example.org | ||
595 | +192.0.1.121 example.org | ||
596 | +192.0.1.122 example.org | ||
597 | +192.0.1.123 example.org | ||
598 | +192.0.1.124 example.org | ||
599 | +192.0.1.125 example.org | ||
600 | +192.0.1.126 example.org | ||
601 | +192.0.1.127 example.org | ||
602 | +192.0.1.128 example.org | ||
603 | +192.0.1.129 example.org | ||
604 | +192.0.1.130 example.org | ||
605 | +192.0.1.131 example.org | ||
606 | +192.0.1.132 example.org | ||
607 | +192.0.1.133 example.org | ||
608 | +192.0.1.134 example.org | ||
609 | +192.0.1.135 example.org | ||
610 | +192.0.1.136 example.org | ||
611 | +192.0.1.137 example.org | ||
612 | +192.0.1.138 example.org | ||
613 | +192.0.1.139 example.org | ||
614 | +192.0.1.140 example.org | ||
615 | +192.0.1.141 example.org | ||
616 | +192.0.1.142 example.org | ||
617 | +192.0.1.143 example.org | ||
618 | +192.0.1.144 example.org | ||
619 | +192.0.1.145 example.org | ||
620 | +192.0.1.146 example.org | ||
621 | +192.0.1.147 example.org | ||
622 | +192.0.1.148 example.org | ||
623 | +192.0.1.149 example.org | ||
624 | +192.0.1.150 example.org | ||
625 | +192.0.1.151 example.org | ||
626 | +192.0.1.152 example.org | ||
627 | +192.0.1.153 example.org | ||
628 | +192.0.1.154 example.org | ||
629 | +192.0.1.155 example.org | ||
630 | +192.0.1.156 example.org | ||
631 | +192.0.1.157 example.org | ||
632 | +192.0.1.158 example.org | ||
633 | +192.0.1.159 example.org | ||
634 | +192.0.1.160 example.org | ||
635 | +192.0.1.161 example.org | ||
636 | +192.0.1.162 example.org | ||
637 | +192.0.1.163 example.org | ||
638 | +192.0.1.164 example.org | ||
639 | +192.0.1.165 example.org | ||
640 | +192.0.1.166 example.org | ||
641 | +192.0.1.167 example.org | ||
642 | +192.0.1.168 example.org | ||
643 | +192.0.1.169 example.org | ||
644 | +192.0.1.170 example.org | ||
645 | +192.0.1.171 example.org | ||
646 | +192.0.1.172 example.org | ||
647 | +192.0.1.173 example.org | ||
648 | +192.0.1.174 example.org | ||
649 | +192.0.1.175 example.org | ||
650 | +192.0.1.176 example.org | ||
651 | +192.0.1.177 example.org | ||
652 | +192.0.1.178 example.org | ||
653 | +192.0.1.179 example.org | ||
654 | +192.0.1.180 example.org | ||
655 | +192.0.1.181 example.org | ||
656 | +192.0.1.182 example.org | ||
657 | +192.0.1.183 example.org | ||
658 | +192.0.1.184 example.org | ||
659 | +192.0.1.185 example.org | ||
660 | +192.0.1.186 example.org | ||
661 | +192.0.1.187 example.org | ||
662 | +192.0.1.188 example.org | ||
663 | +192.0.1.189 example.org | ||
664 | +192.0.1.190 example.org | ||
665 | +192.0.1.191 example.org | ||
666 | +192.0.1.192 example.org | ||
667 | +192.0.1.193 example.org | ||
668 | +192.0.1.194 example.org | ||
669 | +192.0.1.195 example.org | ||
670 | +192.0.1.196 example.org | ||
671 | +192.0.1.197 example.org | ||
672 | +192.0.1.198 example.org | ||
673 | +192.0.1.199 example.org | ||
674 | +192.0.1.200 example.org | ||
675 | +192.0.1.201 example.org | ||
676 | +192.0.1.202 example.org | ||
677 | +192.0.1.203 example.org | ||
678 | +192.0.1.204 example.org | ||
679 | +192.0.1.205 example.org | ||
680 | +192.0.1.206 example.org | ||
681 | +192.0.1.207 example.org | ||
682 | +192.0.1.208 example.org | ||
683 | +192.0.1.209 example.org | ||
684 | +192.0.1.210 example.org | ||
685 | +192.0.1.211 example.org | ||
686 | +192.0.1.212 example.org | ||
687 | +192.0.1.213 example.org | ||
688 | +192.0.1.214 example.org | ||
689 | +192.0.1.215 example.org | ||
690 | +192.0.1.216 example.org | ||
691 | +192.0.1.217 example.org | ||
692 | +192.0.1.218 example.org | ||
693 | +192.0.1.219 example.org | ||
694 | +192.0.1.220 example.org | ||
695 | +192.0.1.221 example.org | ||
696 | +192.0.1.222 example.org | ||
697 | +192.0.1.223 example.org | ||
698 | +192.0.1.224 example.org | ||
699 | +192.0.1.225 example.org | ||
700 | +192.0.1.226 example.org | ||
701 | +192.0.1.227 example.org | ||
702 | +192.0.1.228 example.org | ||
703 | +192.0.1.229 example.org | ||
704 | +192.0.1.230 example.org | ||
705 | +192.0.1.231 example.org | ||
706 | +192.0.1.232 example.org | ||
707 | +192.0.1.233 example.org | ||
708 | +192.0.1.234 example.org | ||
709 | +192.0.1.235 example.org | ||
710 | +192.0.1.236 example.org | ||
711 | +192.0.1.237 example.org | ||
712 | +192.0.1.238 example.org | ||
713 | +192.0.1.239 example.org | ||
714 | +192.0.1.240 example.org | ||
715 | +192.0.1.241 example.org | ||
716 | +192.0.1.242 example.org | ||
717 | +192.0.1.243 example.org | ||
718 | +192.0.1.244 example.org | ||
719 | +192.0.1.245 example.org | ||
720 | +192.0.1.246 example.org | ||
721 | +192.0.1.247 example.org | ||
722 | +192.0.1.248 example.org | ||
723 | +192.0.1.249 example.org | ||
724 | +192.0.1.250 example.org | ||
725 | +192.0.1.251 example.org | ||
726 | +192.0.1.252 example.org | ||
727 | +192.0.1.253 example.org | ||
728 | +192.0.1.254 example.org | ||
729 | diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c | ||
730 | index 18dccd5924..3d9bea60c6 100644 | ||
731 | --- a/sysdeps/posix/getaddrinfo.c | ||
732 | +++ b/sysdeps/posix/getaddrinfo.c | ||
733 | @@ -458,11 +458,6 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
734 | |||
735 | if (name != NULL) | ||
736 | { | ||
737 | - at = alloca_account (sizeof (struct gaih_addrtuple), alloca_used); | ||
738 | - at->family = AF_UNSPEC; | ||
739 | - at->scopeid = 0; | ||
740 | - at->next = NULL; | ||
741 | - | ||
742 | if (req->ai_flags & AI_IDN) | ||
743 | { | ||
744 | char *out; | ||
745 | @@ -473,13 +468,21 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
746 | malloc_name = true; | ||
747 | } | ||
748 | |||
749 | - if (__inet_aton_exact (name, (struct in_addr *) at->addr) != 0) | ||
750 | + uint32_t addr[4]; | ||
751 | + if (__inet_aton_exact (name, (struct in_addr *) addr) != 0) | ||
752 | { | ||
753 | + at = alloca_account (sizeof (struct gaih_addrtuple), alloca_used); | ||
754 | + at->scopeid = 0; | ||
755 | + at->next = NULL; | ||
756 | + | ||
757 | if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET) | ||
758 | - at->family = AF_INET; | ||
759 | + { | ||
760 | + memcpy (at->addr, addr, sizeof (at->addr)); | ||
761 | + at->family = AF_INET; | ||
762 | + } | ||
763 | else if (req->ai_family == AF_INET6 && (req->ai_flags & AI_V4MAPPED)) | ||
764 | { | ||
765 | - at->addr[3] = at->addr[0]; | ||
766 | + at->addr[3] = addr[0]; | ||
767 | at->addr[2] = htonl (0xffff); | ||
768 | at->addr[1] = 0; | ||
769 | at->addr[0] = 0; | ||
770 | @@ -505,49 +505,62 @@ | ||
771 | |||
772 | if (req->ai_flags & AI_CANONNAME) | ||
773 | canon = name; | ||
774 | + | ||
775 | + goto process_list; | ||
776 | } | ||
777 | - else if (at->family == AF_UNSPEC) | ||
778 | + | ||
779 | + char *scope_delim = strchr (name, SCOPE_DELIMITER); | ||
780 | + int e; | ||
781 | + | ||
782 | + if (scope_delim == NULL) | ||
783 | + e = inet_pton (AF_INET6, name, addr); | ||
784 | + else | ||
785 | + e = __inet_pton_length (AF_INET6, name, scope_delim - name, addr); | ||
786 | + | ||
787 | + if (e > 0) | ||
788 | { | ||
789 | - char *scope_delim = strchr (name, SCOPE_DELIMITER); | ||
790 | - int e; | ||
791 | - if (scope_delim == NULL) | ||
792 | - e = inet_pton (AF_INET6, name, at->addr); | ||
793 | + at = alloca_account (sizeof (struct gaih_addrtuple), | ||
794 | + alloca_used); | ||
795 | + at->scopeid = 0; | ||
796 | + at->next = NULL; | ||
797 | + | ||
798 | + if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET6) | ||
799 | + { | ||
800 | + memcpy (at->addr, addr, sizeof (at->addr)); | ||
801 | + at->family = AF_INET6; | ||
802 | + } | ||
803 | + else if (req->ai_family == AF_INET | ||
804 | + && IN6_IS_ADDR_V4MAPPED (addr)) | ||
805 | + { | ||
806 | + at->addr[0] = addr[3]; | ||
807 | + at->addr[1] = addr[1]; | ||
808 | + at->addr[2] = addr[2]; | ||
809 | + at->addr[3] = addr[3]; | ||
810 | + at->family = AF_INET; | ||
811 | + } | ||
812 | else | ||
813 | - e = __inet_pton_length (AF_INET6, name, scope_delim - name, | ||
814 | - at->addr); | ||
815 | - if (e > 0) | ||
816 | { | ||
817 | - if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET6) | ||
818 | - at->family = AF_INET6; | ||
819 | - else if (req->ai_family == AF_INET | ||
820 | - && IN6_IS_ADDR_V4MAPPED (at->addr)) | ||
821 | - { | ||
822 | - at->addr[0] = at->addr[3]; | ||
823 | - at->family = AF_INET; | ||
824 | - } | ||
825 | - else | ||
826 | - { | ||
827 | - result = -EAI_ADDRFAMILY; | ||
828 | - goto free_and_return; | ||
829 | - } | ||
830 | - | ||
831 | - if (scope_delim != NULL | ||
832 | - && __inet6_scopeid_pton ((struct in6_addr *) at->addr, | ||
833 | - scope_delim + 1, | ||
834 | - &at->scopeid) != 0) | ||
835 | - { | ||
836 | - result = -EAI_NONAME; | ||
837 | - goto free_and_return; | ||
838 | - } | ||
839 | + result = -EAI_ADDRFAMILY; | ||
840 | + goto free_and_return; | ||
841 | + } | ||
842 | |||
843 | - if (req->ai_flags & AI_CANONNAME) | ||
844 | - canon = name; | ||
845 | + if (scope_delim != NULL | ||
846 | + && __inet6_scopeid_pton ((struct in6_addr *) at->addr, | ||
847 | + scope_delim + 1, | ||
848 | + &at->scopeid) != 0) | ||
849 | + { | ||
850 | + result = -EAI_NONAME; | ||
851 | + goto free_and_return; | ||
852 | } | ||
853 | + | ||
854 | + if (req->ai_flags & AI_CANONNAME) | ||
855 | + canon = name; | ||
856 | + | ||
857 | + goto process_list; | ||
858 | } | ||
859 | |||
860 | - if (at->family == AF_UNSPEC && (req->ai_flags & AI_NUMERICHOST) == 0) | ||
861 | + if ((req->ai_flags & AI_NUMERICHOST) == 0) | ||
862 | { | ||
863 | - struct gaih_addrtuple **pat = &at; | ||
864 | int no_data = 0; | ||
865 | int no_inet6_data = 0; | ||
866 | service_user *nip; | ||
867 | @@ -543,6 +559,7 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
868 | enum nss_status status = NSS_STATUS_UNAVAIL; | ||
869 | int no_more; | ||
870 | struct resolv_context *res_ctx = NULL; | ||
871 | + bool do_merge = false; | ||
872 | |||
873 | /* If we do not have to look for IPv6 addresses or the canonical | ||
874 | name, use the simple, old functions, which do not support | ||
875 | @@ -579,7 +596,7 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
876 | result = -EAI_MEMORY; | ||
877 | goto free_and_return; | ||
878 | } | ||
879 | - *pat = addrmem; | ||
880 | + at = addrmem; | ||
881 | } | ||
882 | else | ||
883 | { | ||
884 | @@ -632,6 +649,8 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
885 | } | ||
886 | |||
887 | struct gaih_addrtuple *addrfree = addrmem; | ||
888 | + struct gaih_addrtuple **pat = &at; | ||
889 | + | ||
890 | for (int i = 0; i < air->naddrs; ++i) | ||
891 | { | ||
892 | socklen_t size = (air->family[i] == AF_INET | ||
893 | @@ -695,12 +714,6 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
894 | |||
895 | free (air); | ||
896 | |||
897 | - if (at->family == AF_UNSPEC) | ||
898 | - { | ||
899 | - result = -EAI_NONAME; | ||
900 | - goto free_and_return; | ||
901 | - } | ||
902 | - | ||
903 | goto process_list; | ||
904 | } | ||
905 | else if (err == 0) | ||
906 | @@ -750,6 +763,22 @@ | ||
907 | |||
908 | while (!no_more) | ||
909 | { | ||
910 | + /* Always start afresh; continue should discard previous results | ||
911 | + and the hosts database does not support merge. */ | ||
912 | + at = NULL; | ||
913 | + free (canonbuf); | ||
914 | + free (addrmem); | ||
915 | + canon = canonbuf = NULL; | ||
916 | + addrmem = NULL; | ||
917 | + got_ipv6 = false; | ||
918 | + | ||
919 | + if (do_merge) | ||
920 | + { | ||
921 | + __set_h_errno (NETDB_INTERNAL); | ||
922 | + __set_errno (EBUSY); | ||
923 | + break; | ||
924 | + } | ||
925 | + | ||
926 | no_data = 0; | ||
927 | nss_gethostbyname4_r fct4 = NULL; | ||
928 | |||
929 | @@ -744,12 +773,14 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
930 | { | ||
931 | while (1) | ||
932 | { | ||
933 | - status = DL_CALL_FCT (fct4, (name, pat, | ||
934 | + status = DL_CALL_FCT (fct4, (name, &at, | ||
935 | tmpbuf->data, tmpbuf->length, | ||
936 | &errno, &h_errno, | ||
937 | NULL)); | ||
938 | if (status == NSS_STATUS_SUCCESS) | ||
939 | break; | ||
940 | + /* gethostbyname4_r may write into AT, so reset it. */ | ||
941 | + at = NULL; | ||
942 | if (status != NSS_STATUS_TRYAGAIN | ||
943 | || errno != ERANGE || h_errno != NETDB_INTERNAL) | ||
944 | { | ||
945 | @@ -774,7 +805,9 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
946 | no_data = 1; | ||
947 | |||
948 | if ((req->ai_flags & AI_CANONNAME) != 0 && canon == NULL) | ||
949 | - canon = (*pat)->name; | ||
950 | + canon = at->name; | ||
951 | + | ||
952 | + struct gaih_addrtuple **pat = &at; | ||
953 | |||
954 | while (*pat != NULL) | ||
955 | { | ||
956 | @@ -826,6 +859,8 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
957 | |||
958 | if (fct != NULL) | ||
959 | { | ||
960 | + struct gaih_addrtuple **pat = &at; | ||
961 | + | ||
962 | if (req->ai_family == AF_INET6 | ||
963 | || req->ai_family == AF_UNSPEC) | ||
964 | { | ||
965 | @@ -917,6 +946,10 @@ | ||
966 | if (nss_next_action (nip, status) == NSS_ACTION_RETURN) | ||
967 | break; | ||
968 | |||
969 | + /* The hosts database does not support MERGE. */ | ||
970 | + if (nss_next_action (nip, status) == NSS_ACTION_MERGE) | ||
971 | + do_merge = true; | ||
972 | + | ||
973 | if (nip->next == NULL) | ||
974 | no_more = -1; | ||
975 | else | ||
976 | @@ -930,7 +969,7 @@ gaih_inet (const char *name, const struct gaih_service *service, | ||
977 | } | ||
978 | |||
979 | process_list: | ||
980 | - if (at->family == AF_UNSPEC) | ||
981 | + if (at == NULL) | ||
982 | { | ||
983 | result = -EAI_NONAME; | ||
984 | goto free_and_return; | ||
985 | -- | ||
986 | 2.39.3 | ||
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 8298088323..296c892994 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb | |||
@@ -88,6 +88,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ | |||
88 | file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \ | 88 | file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \ |
89 | file://CVE-2023-0687.patch \ | 89 | file://CVE-2023-0687.patch \ |
90 | file://CVE-2023-4911.patch \ | 90 | file://CVE-2023-4911.patch \ |
91 | file://CVE-2023-4813.patch \ | ||
91 | " | 92 | " |
92 | S = "${WORKDIR}/git" | 93 | S = "${WORKDIR}/git" |
93 | B = "${WORKDIR}/build-${TARGET_SYS}" | 94 | B = "${WORKDIR}/build-${TARGET_SYS}" |