[glibc/f17] - Fix DoS in RPC implementation (#767693)
Patsy Franklin
pfrankli at fedoraproject.org
Tue Jun 5 20:21:27 UTC 2012
commit e6ecb54080422b1b33c3cbb365831e85151a38f6
Author: Patsy Franklin <pfrankli at redhat.com>
Date: Tue Jun 5 16:14:31 2012 -0400
- Fix DoS in RPC implementation (#767693)
glibc-rh767693-2.patch | 76 ++++++++++++++++++++++++++++++++++++++++++++++++
glibc.spec | 10 +++++-
2 files changed, 84 insertions(+), 2 deletions(-)
---
diff --git a/glibc-rh767693-2.patch b/glibc-rh767693-2.patch
new file mode 100644
index 0000000..97d3658
--- /dev/null
+++ b/glibc-rh767693-2.patch
@@ -0,0 +1,76 @@
+diff -rup a/sunrpc/svc_tcp.c b/sunrpc/svc_tcp.c
+--- a/sunrpc/svc_tcp.c 2012-05-31 20:37:43.000000000 -0600
++++ b/sunrpc/svc_tcp.c 2012-06-05 11:30:09.948733571 -0600
+@@ -44,6 +44,7 @@
+ #include <sys/poll.h>
+ #include <errno.h>
+ #include <stdlib.h>
++#include <time.h>
+
+ #include <wchar.h>
+ #include <libio/iolibio.h>
+@@ -247,6 +248,11 @@ again:
+ {
+ if (errno == EINTR)
+ goto again;
++ if (errno == EMFILE)
++ {
++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++ __nanosleep(&ts , NULL);
++ }
+ return FALSE;
+ }
+ /*
+diff -rup a/sunrpc/svc_udp.c b/sunrpc/svc_udp.c
+--- a/sunrpc/svc_udp.c 2012-05-31 20:37:43.000000000 -0600
++++ b/sunrpc/svc_udp.c 2012-06-05 11:30:09.948733571 -0600
+@@ -40,6 +40,7 @@
+ #include <sys/socket.h>
+ #include <errno.h>
+ #include <libintl.h>
++#include <time.h>
+
+ #ifdef IP_PKTINFO
+ #include <sys/uio.h>
+@@ -277,8 +278,16 @@ again:
+ (int) su->su_iosz, 0,
+ (struct sockaddr *) &(xprt->xp_raddr), &len);
+ xprt->xp_addrlen = len;
+- if (rlen == -1 && errno == EINTR)
+- goto again;
++ if (rlen == -1)
++ {
++ if (errno == EINTR)
++ goto again;
++ if (errno == EMFILE)
++ {
++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++ __nanosleep(&ts , NULL);
++ }
++ }
+ if (rlen < 16) /* < 4 32-bit ints? */
+ return FALSE;
+ xdrs->x_op = XDR_DECODE;
+diff -rup a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c
+--- a/sunrpc/svc_unix.c 2012-05-31 20:37:43.000000000 -0600
++++ b/sunrpc/svc_unix.c 2012-06-05 11:30:36.495612770 -0600
+@@ -46,6 +46,7 @@
+ #include <errno.h>
+ #include <stdlib.h>
+ #include <libintl.h>
++#include <time.h>
+ #include <wchar.h>
+
+ /*
+@@ -244,6 +245,11 @@ again:
+ {
+ if (errno == EINTR)
+ goto again;
++ if (errno == EMFILE)
++ {
++ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
++ __nanosleep(&ts , NULL);
++ }
+ return FALSE;
+ }
+ /*
diff --git a/glibc.spec b/glibc.spec
index ee8389f..06dbd58 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -28,7 +28,7 @@
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
-Release: 40%{?dist}
+Release: 41%{?dist}
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -199,6 +199,9 @@ Patch2057: %{name}-rh819430.patch
# Upstream BZ 14134
Patch2058: %{name}-rh823905.patch
+# See http://sourceware.org/ml/libc-alpha/2012-06/msg00074.html
+Patch2059: %{name}-rh767693-2.patch
+
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: glibc-profile < 2.4
Obsoletes: nss_db
@@ -474,7 +477,7 @@ popd
%patch2056 -p1
%patch2057 -p1
-%patch2058 -p1
+%patch2059 -p1
# A lot of programs still misuse memcpy when they have to use
# memmove. The memcpy implementation below is not tolerant at
@@ -1327,6 +1330,9 @@ rm -f *.filelist*
%endif
%changelog
+* Tue Jun 5 2012 Patsy Franklin <patsy at redhat.com> - 2.15.41
+ - Remove redundant hunk from patch. (#823905)
+
* Tue Jun 5 2012 Patsy Franklin <patsy at redhat.com> - 2.15.40
- Fix iconv() segfault when the invalid multibyte character 0xffff is input
when converting from IBM930 (#823905)
More information about the scm-commits
mailing list