diff options
author | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-02-05 14:25:15 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-02-09 10:24:34 +0100 |
commit | 7c55eb79f4528c94fcda5ac9553c508e8710b933 (patch) | |
tree | 7268cd1d1254a5de62e9708d5db3486e1fbf1c18 /patches/glibc-2.23/0005-CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch | |
parent | e57f484e9d0732bc198167db4d4080e397a95228 (diff) | |
download | OSELAS.Toolchain-7c55eb79f4528c94fcda5ac9553c508e8710b933.tar.gz OSELAS.Toolchain-7c55eb79f4528c94fcda5ac9553c508e8710b933.tar.xz |
remove old patches
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches/glibc-2.23/0005-CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch')
-rw-r--r-- | patches/glibc-2.23/0005-CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/patches/glibc-2.23/0005-CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch b/patches/glibc-2.23/0005-CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch deleted file mode 100644 index ebb3cd4..0000000 --- a/patches/glibc-2.23/0005-CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch +++ /dev/null @@ -1,52 +0,0 @@ -From: Florian Weimer <fweimer@redhat.com> -Date: Mon, 23 May 2016 20:18:34 +0200 -Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ - #20112] - -The call is technically in a loop, and under certain circumstances -(which are quite difficult to reproduce in a test case), alloca -can be invoked repeatedly during a single call to clntudp_call. -As a result, the available stack space can be exhausted (even -though individual alloca sizes are bounded implicitly by what -can fit into a UDP packet, as a side effect of the earlier -successful send operation). - -(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c) ---- - sunrpc/clnt_udp.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c -index a6cf5f1ca733..4d9acb1e6a6b 100644 ---- a/sunrpc/clnt_udp.c -+++ b/sunrpc/clnt_udp.c -@@ -388,9 +388,15 @@ send_again: - struct sock_extended_err *e; - struct sockaddr_in err_addr; - struct iovec iov; -- char *cbuf = (char *) alloca (outlen + 256); -+ char *cbuf = malloc (outlen + 256); - int ret; - -+ if (cbuf == NULL) -+ { -+ cu->cu_error.re_errno = errno; -+ return (cu->cu_error.re_status = RPC_CANTRECV); -+ } -+ - iov.iov_base = cbuf + 256; - iov.iov_len = outlen; - msg.msg_name = (void *) &err_addr; -@@ -415,10 +421,12 @@ send_again: - cmsg = CMSG_NXTHDR (&msg, cmsg)) - if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) - { -+ free (cbuf); - e = (struct sock_extended_err *) CMSG_DATA(cmsg); - cu->cu_error.re_errno = e->ee_errno; - return (cu->cu_error.re_status = RPC_CANTRECV); - } -+ free (cbuf); - } - #endif - do |