[glibc/f16] -Fix reply buffer mismanagement in resolver (#730856)
Patsy Franklin
pfrankli at fedoraproject.org
Mon May 14 18:48:55 UTC 2012
commit bedea831729156c9b1ab3b0f179aa7010394b14e
Author: Patsy Franklin <pfrankli at redhat.com>
Date: Mon May 14 14:44:54 2012 -0400
-Fix reply buffer mismanagement in resolver (#730856)
glibc-rh730856.patch | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
glibc.spec | 7 +++++-
2 files changed, 58 insertions(+), 1 deletions(-)
---
diff --git a/glibc-rh730856.patch b/glibc-rh730856.patch
new file mode 100644
index 0000000..1570f09
--- /dev/null
+++ b/glibc-rh730856.patch
@@ -0,0 +1,52 @@
+diff -Nrup a/resolv/res_query.c b/resolv/res_query.c
+--- a/resolv/res_query.c 2012-05-11 13:46:06.442619026 -0400
++++ b/resolv/res_query.c 2012-05-11 16:19:35.195340660 -0400
+@@ -122,6 +122,7 @@ __libc_res_nquery(res_state statp,
+ int *resplen2)
+ {
+ HEADER *hp = (HEADER *) answer;
++ HEADER *hp2;
+ int n, use_malloc = 0;
+ u_int oflags = statp->_flags;
+
+@@ -239,26 +240,25 @@ __libc_res_nquery(res_state statp,
+ /* __libc_res_nsend might have reallocated the buffer. */
+ hp = (HEADER *) *answerp;
+
+- /* We simplify the following tests by assigning HP to HP2. It
+- is easy to verify that this is the same as ignoring all
+- tests of HP2. */
+- HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;
+-
+- if (n < (int) sizeof (HEADER) && answerp2 != NULL
+- && *resplen2 > (int) sizeof (HEADER))
++ /* We simplify the following tests by assigning HP to HP2 or
++ vice versa. It is easy to verify that this is the same as
++ ignoring all tests of HP or HP2. */
++ if (answerp2 == NULL || *resplen2 < (int) sizeof (HEADER))
+ {
+- /* Special case of partial answer. */
+- assert (n == 0 || hp != hp2);
+- hp = hp2;
++ hp2 = hp;
+ }
+- else if (answerp2 != NULL && *resplen2 < (int) sizeof (HEADER)
+- && n > (int) sizeof (HEADER))
++ else
+ {
+- /* Special case of partial answer. */
+- assert (hp != hp2);
+- hp2 = hp;
++ hp2 = (HEADER *) *answerp2;
++ if (n < (int) sizeof (HEADER))
++ {
++ hp = hp2;
++ }
+ }
+
++ /* Make sure both hp and hp2 are defined */
++ assert((hp != NULL) && (hp2 != NULL));
++
+ if ((hp->rcode != NOERROR || ntohs(hp->ancount) == 0)
+ && (hp2->rcode != NOERROR || ntohs(hp2->ancount) == 0)) {
+ #ifdef DEBUG
diff --git a/glibc.spec b/glibc.spec
index 3a80201..4cc20e8 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -28,7 +28,7 @@
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
-Release: 24%{?dist}.6
+Release: 24%{?dist}.7
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -58,6 +58,7 @@ Patch14: %{name}-rh767696.patch
Patch15: %{name}-rh552960-2.patch
Patch16: %{name}-rh769993.patch
Patch17: %{name}-rh794797.patch
+Patch18: %{name}-rh730856.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: glibc-profile < 2.4
@@ -293,6 +294,7 @@ rm -rf %{glibcportsdir}
#%patch15 -p1
%patch16 -p1
%patch17 -p1
+%patch18 -p1
# A lot of programs still misuse memcpy when they have to use
# memmove. The memcpy implementation below is not tolerant at
@@ -1145,6 +1147,9 @@ rm -f *.filelist*
%endif
%changelog
+* Wed May 9 2012 Patsy Franklin <patsy at redhat.com> - 2.14.90-24.fc16.7
+ - Fix reply buffer mismanagement in resolver. (#730856)
+
* Mon Feb 20 2012 Jeff Law <law at redhat.com> - 2.14.90-24.fc16.6
- Avoid "nargs" integer overflow which could be used to bypass FORTIFY_SOURCE (#794797)
- Disable 552960/769421 patches again, they're still not right.