Fix memory leak regression in getaddrinfo (RHEL-2426)

Related: RHEL-2426
2023-09-25 07:54:46 +01:00 · 2023-09-25 07:54:46 +01:00 · df2a403efa
commit df2a403efa
parent d9eb6f4246
3 changed files with 127 additions and 1 deletions
--- a/glibc-RHEL-2426-14.patch
+++ b/glibc-RHEL-2426-14.patch
@ -0,0 +1,37 @@
+commit 57e349b1b0df1aee2dcd19dae1f324bde25ff8f0
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Wed Dec 8 07:02:27 2021 -0800
+
+    Disable DT_RUNPATH on NSS tests [BZ #28455]
+    
+    The glibc internal NSS functions should always load NSS modules from
+    the system.  For testing purpose, disable DT_RUNPATH on NSS tests so
+    that the glibc internal NSS functions can load testing NSS modules
+    via DT_RPATH.
+    
+    This partially fixes BZ #28455.
+    
+    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+
+Conflicts:
+	nss/Makefile
+	  (different test backport order)
+
+diff --git a/nss/Makefile b/nss/Makefile
+index 64b29745131d3cf5..9af46fb3a8195809 100644
+--- a/nss/Makefile
+++ b/nss/Makefile
+@@ -215,3 +215,13 @@ endif
+ 
+ $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
+ $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
+
+# Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
+# functions can load testing NSS modules via DT_RPATH.
+LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test2 = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
--- a/glibc-RHEL-2426-15.patch
+++ b/glibc-RHEL-2426-15.patch
@ -0,0 +1,84 @@
+commit ec6b95c3303c700eb89eebeda2d7264cc184a796
+Author: Romain Geissler <romain.geissler@amadeus.com>
+Date:   Mon Sep 25 01:21:51 2023 +0100
+
+    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
+    
+    This patch fixes a very recently added leak in getaddrinfo.
+    
+    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+diff --git a/nss/Makefile b/nss/Makefile
+index 9af46fb3a8195809..62a68880198c243c 100644
+--- a/nss/Makefile
+++ b/nss/Makefile
+@@ -148,6 +148,15 @@ endif
+ extra-test-objs		+= nss_test1.os nss_test2.os nss_test_errno.os \
+ 			   nss_test_gai_hv2_canonname.os
+ 
+ifeq ($(run-built-tests),yes)
+ifneq (no,$(PERL))
+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
+endif
+endif
+
+generated += mtrace-tst-nss-gai-hv2-canonname.out \
+		tst-nss-gai-hv2-canonname.mtrace
+
+ include ../Rules
+ 
+ ifeq (yes,$(have-selinux))
+@@ -216,6 +225,17 @@ endif
+ $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
+ $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
+ 
+tst-nss-gai-hv2-canonname-ENV = \
+		MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
+		LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
+  $(objpfx)tst-nss-gai-hv2-canonname.out
+	{ test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
+	|| ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \
+	&& $(common-objpfx)malloc/mtrace \
+	$(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
+	$(evaluate-test)
+
+ # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
+ # functions can load testing NSS modules via DT_RPATH.
+ LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
+diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
+index d5f10c07d6a90773..7db53cf09da8dcb6 100644
+--- a/nss/tst-nss-gai-hv2-canonname.c
+++ b/nss/tst-nss-gai-hv2-canonname.c
+@@ -21,6 +21,7 @@
+ #include <netdb.h>
+ #include <stdlib.h>
+ #include <string.h>
+#include <mcheck.h>
+ #include <support/check.h>
+ #include <support/xstdio.h>
+ #include "nss/tst-nss-gai-hv2-canonname.h"
+@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av)
+ static int
+ do_test (void)
+ {
+  mtrace ();
+
+   __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
+ 
+   struct addrinfo hints = {};
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 10dc63542f337693..d6046a707f1d742a 100644
+--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
+@@ -1196,9 +1196,7 @@ free_and_return:
+   if (malloc_name)
+     free ((char *) name);
+   free (addrmem);
+-  if (res.free_at)
+-    free (res.at);
+-  free (res.canon);
+  gaih_result_reset (&res);
+ 
+   return result;
+ }
--- a/glibc.spec
+++ b/glibc.spec
@ -155,7 +155,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 83%{?dist}.6
+Release: 83%{?dist}.7

 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@ -768,6 +768,8 @@ Patch531: glibc-RHEL-2426-11.patch
 Patch532: glibc-RHEL-2426-12.patch
 Patch533: glibc-RHEL-2426-13.patch
 Patch534: glibc-RHEL-3000.patch
+Patch535: glibc-RHEL-2426-14.patch
+Patch536: glibc-RHEL-2426-15.patch

 ##############################################################################
 # Continued list of core "glibc" package information:
@ -2925,6 +2927,9 @@ update_gconv_modules_cache ()
 %endif

 %changelog
+* Mon Sep 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.7
+- Fix memory leak regression in getaddrinfo (RHEL-2426)
+
 * Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.6
 - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000)