diff options
Diffstat (limited to 'patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch')
-rw-r--r-- | patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch b/patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch deleted file mode 100644 index c59df8c..0000000 --- a/patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: Siddhesh Poyarekar <siddhesh@redhat.com> -Date: Fri, 25 Oct 2013 10:22:12 +0530 -Subject: [PATCH] Fix stack overflow due to large AF_INET6 requests - -Resolves #16072 (CVE-2013-4458). - -This patch fixes another stack overflow in getaddrinfo when it is -called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, -but the AF_INET6 case went undetected back then. ---- - sysdeps/posix/getaddrinfo.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index 7bb3ded..2e97255 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, - &rc, &herrno, NULL, &localcanon)); \ - if (rc != ERANGE || herrno != NETDB_INTERNAL) \ - break; \ -- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \ -+ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \ -+ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \ -+ alloca_used); \ -+ else \ -+ { \ -+ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \ -+ 2 * tmpbuflen); \ -+ if (newp == NULL) \ -+ { \ -+ result = -EAI_MEMORY; \ -+ goto free_and_return; \ -+ } \ -+ tmpbuf = newp; \ -+ malloc_tmpbuf = true; \ -+ tmpbuflen = 2 * tmpbuflen; \ -+ } \ - } \ - if (status == NSS_STATUS_SUCCESS && rc == 0) \ - h = &th; \ -@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, - { \ - __set_h_errno (herrno); \ - _res.options |= old_res_options & RES_USE_INET6; \ -- return -EAI_SYSTEM; \ -+ result = -EAI_SYSTEM; \ -+ goto free_and_return; \ - } \ - if (herrno == TRY_AGAIN) \ - no_data = EAI_AGAIN; \ |