This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.17-500-g5b535ac

From: schwab at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 3 Apr 2013 15:57:27 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.17-500-g5b535ac

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5b535ac41945fa369a5f641acdeb0d7eadf4668e (commit)
       via  1cef1b19089528db11f221e938f60b9b048945d7 (commit)
      from  74d87055bfeb31ea37bc2356d88c065c612e1c0e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5b535ac41945fa369a5f641acdeb0d7eadf4668e

commit 5b535ac41945fa369a5f641acdeb0d7eadf4668e
Author: Andreas Schwab <schwab@suse.de>
Date:   Wed Apr 3 17:53:57 2013 +0200

    Update NEWS

diff --git a/NEWS b/NEWS
index 8ecb2ee..513c185 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,9 @@ Version 2.18
   15160, 15214, 15232, 15234, 15283, 15285, 15287, 15304, 15305, 15307,
   15327, 15330.
 
+* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
+  #15078).
+
 * CVE-2013-1914 Stack overflow in getaddrinfo with many results has been
   fixed (Bugzilla #15330).
 

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7

commit 1cef1b19089528db11f221e938f60b9b048945d7
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Mar 21 15:50:27 2013 +0100

    Fix stack overflow in getaddrinfo with many results

diff --git a/ChangeLog b/ChangeLog
index 3046d2e..deebea4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-04-03  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #15330]
+	* sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and
+	order arrays from heap if bigger than alloca cutoff.
+
 2013-04-03  Thomas Schwinge  <thomas@codesourcery.com>
 
 	* sysdeps/i386/fpu/math-tests.h (SNAN_TESTS_float)
diff --git a/NEWS b/NEWS
index 7718a0a..8ecb2ee 100644
--- a/NEWS
+++ b/NEWS
@@ -13,7 +13,10 @@ Version 2.18
   14317, 14327, 14496, 14812, 14920, 14964, 14981, 14982, 14985, 14994,
   14996, 15003, 15006, 15020, 15023, 15036, 15054, 15055, 15062, 15078,
   15160, 15214, 15232, 15234, 15283, 15285, 15287, 15304, 15305, 15307,
-  15327.
+  15327, 15330.
+
+* CVE-2013-1914 Stack overflow in getaddrinfo with many results has been
+  fixed (Bugzilla #15330).
 
 * Add support for calling C++11 thread_local object destructors on thread
   and program exit.  This needs compiler support for offloading C++11
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index d95c2d1..2309281 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service,
       __typeof (once) old_once = once;
       __libc_once (once, gaiconf_init);
       /* Sort results according to RFC 3484.  */
-      struct sort_result results[nresults];
-      size_t order[nresults];
+      struct sort_result *results;
+      size_t *order;
       struct addrinfo *q;
       struct addrinfo *last = NULL;
       char *canonname = NULL;
+      bool malloc_results;
+
+      malloc_results
+	= !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+      if (malloc_results)
+	{
+	  results = malloc (nresults * (sizeof (*results) + sizeof (size_t)));
+	  if (results == NULL)
+	    {
+	      __free_in6ai (in6ai);
+	      return EAI_MEMORY;
+	    }
+	}
+      else
+	results = alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+      order = (size_t *) (results + nresults);
 
       /* Now we definitely need the interface information.  */
       if (! check_pf_called)
@@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service,
 
       /* Fill in the canonical name into the new first entry.  */
       p->ai_canonname = canonname;
+
+      if (malloc_results)
+	free (results);
     }
 
   __free_in6ai (in6ai);

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                   |    6 ++++++
 NEWS                        |    8 +++++++-
 sysdeps/posix/getaddrinfo.c |   23 +++++++++++++++++++++--
 3 files changed, 34 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]