- Fix DoS in RPC implementation (#767693)

- Remove deprecated alpha support.
  - Remove redundant hunk from patch. (#823905)
This commit is contained in:
Jeff Law 2012-06-05 11:35:03 -06:00
parent 0d1b1bab4a
commit 77881379e9
3 changed files with 88 additions and 21 deletions

76
glibc-rh767693-2.patch Normal file
View File

@ -0,0 +1,76 @@
diff -rup a/sunrpc/svc_tcp.c b/sunrpc/svc_tcp.c
--- a/sunrpc/svc_tcp.c 2012-05-31 20:37:43.000000000 -0600
+++ b/sunrpc/svc_tcp.c 2012-06-05 11:30:09.948733571 -0600
@@ -44,6 +44,7 @@
#include <sys/poll.h>
#include <errno.h>
#include <stdlib.h>
+#include <time.h>
#include <wchar.h>
#include <libio/iolibio.h>
@@ -247,6 +248,11 @@ again:
{
if (errno == EINTR)
goto again;
+ if (errno == EMFILE)
+ {
+ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
+ __nanosleep(&ts , NULL);
+ }
return FALSE;
}
/*
diff -rup a/sunrpc/svc_udp.c b/sunrpc/svc_udp.c
--- a/sunrpc/svc_udp.c 2012-05-31 20:37:43.000000000 -0600
+++ b/sunrpc/svc_udp.c 2012-06-05 11:30:09.948733571 -0600
@@ -40,6 +40,7 @@
#include <sys/socket.h>
#include <errno.h>
#include <libintl.h>
+#include <time.h>
#ifdef IP_PKTINFO
#include <sys/uio.h>
@@ -277,8 +278,16 @@ again:
(int) su->su_iosz, 0,
(struct sockaddr *) &(xprt->xp_raddr), &len);
xprt->xp_addrlen = len;
- if (rlen == -1 && errno == EINTR)
- goto again;
+ if (rlen == -1)
+ {
+ if (errno == EINTR)
+ goto again;
+ if (errno == EMFILE)
+ {
+ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
+ __nanosleep(&ts , NULL);
+ }
+ }
if (rlen < 16) /* < 4 32-bit ints? */
return FALSE;
xdrs->x_op = XDR_DECODE;
diff -rup a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c
--- a/sunrpc/svc_unix.c 2012-05-31 20:37:43.000000000 -0600
+++ b/sunrpc/svc_unix.c 2012-06-05 11:30:36.495612770 -0600
@@ -46,6 +46,7 @@
#include <errno.h>
#include <stdlib.h>
#include <libintl.h>
+#include <time.h>
#include <wchar.h>
/*
@@ -244,6 +245,11 @@ again:
{
if (errno == EINTR)
goto again;
+ if (errno == EMFILE)
+ {
+ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
+ __nanosleep(&ts , NULL);
+ }
return FALSE;
}
/*

View File

@ -12,14 +12,3 @@ index 25a9be0..6f758eb 100644
|| (res = __ibm930db_to_ucs4[ch + rp2->idx], \ || (res = __ibm930db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \ __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \ { \
@@ -215,7 +216,8 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (ch < rp2->start, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
|| (cp = __ucs4_to_ibm930db[ch + rp2->idx], \
__builtin_expect (cp[0], L'\1')== L'\0' && ch != '\0')) \
{ \

View File

@ -28,7 +28,7 @@
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: glibc Name: glibc
Version: %{glibcversion} Version: %{glibcversion}
Release: 8%{?dist} Release: 9%{?dist}
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries. # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs # Things that are linked directly into dynamically linked programs
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@ -176,6 +176,9 @@ Patch2035: %{name}-rh819430.patch
# Upstream BZ 14134 # Upstream BZ 14134
Patch2036: %{name}-rh823905.patch Patch2036: %{name}-rh823905.patch
# See http://sourceware.org/ml/libc-alpha/2012-06/msg00074.html
Patch2037: %{name}-rh767693-2.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: glibc-profile < 2.4 Obsoletes: glibc-profile < 2.4
Obsoletes: nss_db Obsoletes: nss_db
@ -427,11 +430,11 @@ rm -rf %{glibcportsdir}
%patch0035 -p1 %patch0035 -p1
%patch2035 -p1 %patch2035 -p1
%patch2036 -p1 %patch2036 -p1
%patch2037 -p1
# A lot of programs still misuse memcpy when they have to use # A lot of programs still misuse memcpy when they have to use
# memmove. The memcpy implementation below is not tolerant at # memmove. The memcpy implementation below is not tolerant at
# all. # all.
rm -f sysdeps/alpha/alphaev6/memcpy.S
%if %{buildpower6} %if %{buildpower6}
# On powerpc32, hp timing is only available in power4/power6 # On powerpc32, hp timing is only available in power4/power6
# libs, not in base, so pre-power4 dynamic linker is incompatible # libs, not in base, so pre-power4 dynamic linker is incompatible
@ -458,9 +461,6 @@ BuildFlags="$BuildFlags -mno-tls-direct-seg-refs"
%ifarch x86_64 %ifarch x86_64
BuildFlags="-mtune=generic" BuildFlags="-mtune=generic"
%endif %endif
%ifarch alphaev6
BuildFlags="-mcpu=ev6"
%endif
%ifarch sparc %ifarch sparc
BuildFlags="-fcall-used-g6" BuildFlags="-fcall-used-g6"
GCC="gcc -m32" GCC="gcc -m32"
@ -997,9 +997,6 @@ cat debuginfocommon.sources >> debuginfo.filelist
%ifarch %{ix86} %ifarch %{ix86}
%define basearch i686 %define basearch i686
%endif %endif
%ifarch alpha alphaev6
%define basearch alpha
%endif
%ifarch sparc sparcv9 %ifarch sparc sparcv9
%define basearch sparc %define basearch sparc
%endif %endif
@ -1303,9 +1300,14 @@ rm -f *.filelist*
%endif %endif
%changelog %changelog
* Tue Jun 5 2012 Jeff Law <law@redhat.com> - 2.15.90-9
- Fix DoS in RPC implementation (#767693)
- Remove deprecated alpha support.
- Remove redundant hunk from patch. (#823905)
* Fri Jun 1 2012 Patsy Franklin <patsy@redhat.com> - 2.15.90-8 * Fri Jun 1 2012 Patsy Franklin <patsy@redhat.com> - 2.15.90-8
- Fix iconv() segfault when the invalid multibyte character 0xffff is input when - Fix iconv() segfault when the invalid multibyte character 0xffff is input
converting from IBM930 (823905) when converting from IBM930 (#823905)
* Fri Jun 1 2012 Jeff Law <law@redhat.com> - 2.15.90-7 * Fri Jun 1 2012 Jeff Law <law@redhat.com> - 2.15.90-7
- Resync with upstream sources. (#827040) - Resync with upstream sources. (#827040)