[xinetd] Fix memory corruption when loading a large number of services (#720390)

Tue Jan 17 08:52:12 UTC 2012

commit 7de7f60c176e9fd4cae641dff2145d7a0a8945ec
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Tue Jan 17 09:51:04 2012 +0100

    Fix memory corruption when loading a large number of services (#720390)

 xinetd-2.3.14-many-services.patch |   27 +++++++++++++++++++++++++++
 xinetd.spec                       |   10 +++++++++-
 2 files changed, 36 insertions(+), 1 deletions(-)
---

diff --git a/xinetd-2.3.14-many-services.patch b/xinetd-2.3.14-many-services.patch
new file mode 100644
index 0000000..8459b6c
--- /dev/null
+++ b/xinetd-2.3.14-many-services.patch
@@ -0,0 +1,27 @@
+--- xinetd-2.3.14-dist/xinetd/defs.h	2012-01-16 12:20:54.739041678 +0100
++++ xinetd-2.3.14/xinetd/defs.h	2012-01-17 08:06:56.800762230 +0100
+@@ -115,8 +115,9 @@ union xsockaddr {
+  */
+ 
+ #ifdef HAVE_POLL
+-#define INIT_POLLFDS                 1024
+-#define MAX_POLLFDS                  8192
++#define INIT_POLLFDS                 4096
++/* FIXME: not used */
++#define MAX_POLLFDS                  16384
+ #endif
+ 
+ /*
+--- xinetd-2.3.14-dist/xinetd/service.c	2012-01-16 12:20:54.741041678 +0100
++++ xinetd-2.3.14/xinetd/service.c	2012-01-17 08:07:28.872746991 +0100
+@@ -343,9 +343,9 @@ status_e svc_activate( struct service *s
+        out_of_memory( func );
+        return( FAILED );
+      }
++     ps.rws.pfd_array = tmp;
+      memset(&ps.rws.pfd_array[ps.rws.pfds_last], 0, (ps.rws.pfds_allocated-
+        ps.rws.pfds_last)*sizeof(struct pollfd));
+-     ps.rws.pfd_array = tmp;
+    }
+    if ( sp->svc_pfd_index >= 0 )
+    {
diff --git a/xinetd.spec b/xinetd.spec
index d0003d9..b9e4121 100644
--- a/xinetd.spec
+++ b/xinetd.spec
@@ -1,7 +1,7 @@
 Summary: A secure replacement for inetd
 Name: xinetd
 Version: 2.3.14
-Release: 39%{?dist}
+Release: 40%{?dist}
 License: xinetd 
 Group: System Environment/Daemons
 Epoch: 2
@@ -46,6 +46,9 @@ Patch20: xinetd-2.3.14-fix-type-punned-ptr.patch
 # Fix leaking file descriptors and pfd_array wasting
 # This fixes #702670
 Patch21: xinetd-2.3.14-leaking-fds.patch
+# Fix memory corruption when loading a large number of services
+# This fixes #720390
+Patch22: xinetd-2.3.14-many-services.patch
 
 BuildRequires: autoconf, automake
 BuildRequires: libselinux-devel >= 1.30
@@ -99,6 +102,7 @@ located in the /etc/xinetd.d directory.
 %patch19 -p1 -b .signal-log-hang
 %patch20 -p1 -b .fix-type-punned-ptr
 %patch21 -p1 -b .leaking-fds
+%patch22 -p1 -b .many-services
 
 aclocal
 autoconf
@@ -168,6 +172,10 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Tue Jan 17 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-40
+- Fix memory corruption when loading a large number of services
+- Resolves #720390
+
 * Mon Jan 16 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-39
 - Fix leaking file descriptors
 - Resolves: #702670
