summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2015-01-21 12:43:11 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-02-11 17:40:07 +0000
commit620718b05d946144e0e4c05b5fdbec0d79fd77fb (patch)
treeb675c23a826c47b28cd441a90e156af7a7fe9215
parent8b255bd4910bc8ed0308cea6b605e88e6f453abd (diff)
downloadpoky-620718b05d946144e0e4c05b5fdbec0d79fd77fb.tar.gz
glibc: CVE-2014-9402 endless loop in getaddr_r
The getnetbyname function in glibc 2.21 in earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name. (From OE-Core rev: f03bf84c179f69ef4800ed92a4a9d9401d0e5966) (From OE-Core rev: 7e3f4ddd001f9c50a49d8ba5ab548af311e6b51f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch65
-rw-r--r--meta/recipes-core/glibc/glibc_2.20.bb1
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
new file mode 100644
index 0000000000..ba1da67b76
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
@@ -0,0 +1,65 @@
1CVE-2014-9402 endless loop in getaddr_r
2
3
4https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=11e3417af6e354f1942c68a271ae51e892b2814d
5
6Upstream-Status: Backport
7
8Signed-off-by: Armin Kuster <akuster@mvista.com>
9
10From 11e3417af6e354f1942c68a271ae51e892b2814d Mon Sep 17 00:00:00 2001
11From: Florian Weimer <fweimer@redhat.com>
12Date: Mon, 15 Dec 2014 17:41:13 +0100
13Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
14
15---
16 ChangeLog | 6 ++++++
17 NEWS | 7 +++++--
18 resolv/nss_dns/dns-network.c | 4 ++--
19 3 files changed, 13 insertions(+), 4 deletions(-)
20
21Index: git/NEWS
22===================================================================
23--- git.orig/NEWS
24+++ git/NEWS
25@@ -24,7 +24,10 @@ Version 2.20
26 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
27 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
28 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
29- 17625.
30+ 17625, 17630.
31+
32+* The nss_dns implementation of getnetbyname could run into an infinite loop
33+ if the DNS response contained a PTR record of an unexpected format.
34
35 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
36 under certain input conditions resulting in the execution of a shell for
37Index: git/resolv/nss_dns/dns-network.c
38===================================================================
39--- git.orig/resolv/nss_dns/dns-network.c
40+++ git/resolv/nss_dns/dns-network.c
41@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int
42
43 case BYNAME:
44 {
45- char **ap = result->n_aliases++;
46- while (*ap != NULL)
47+ char **ap;
48+ for (ap = result->n_aliases; *ap != NULL; ++ap)
49 {
50 /* Check each alias name for being of the forms:
51 4.3.2.1.in-addr.arpa = net 1.2.3.4
52Index: git/ChangeLog
53===================================================================
54--- git.orig/ChangeLog
55+++ git/ChangeLog
56@@ -1,3 +1,9 @@
57+2014-12-16 Florian Weimer <fweimer@redhat.com>
58+
59+ [BZ #17630]
60+ * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
61+ names.
62+
63 2014-12-15 Jeff Law <law@redhat.com>
64
65 [BZ #16617]
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index f67fbfdf0d..8a8b296def 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -44,6 +44,7 @@ EGLIBCPATCHES = "\
44CVEPATCHES = "\ 44CVEPATCHES = "\
45 file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \ 45 file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
46 file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \ 46 file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
47 file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
47 " 48 "
48LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ 49LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
49 file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ 50 file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \