CVE-2023-4813: Work around RHEL-8 limitation in test

Resolves: RHEL-2435
This commit is contained in:
Siddhesh Poyarekar 2023-09-19 09:52:00 -04:00
parent c47da829fe
commit 7dead2d634
2 changed files with 27 additions and 1 deletions

22
glibc-RHEL-2435-2.patch Normal file
View File

@ -0,0 +1,22 @@
Work around in the test case, the fact that RHEL-8 NSS modules
infrastructure incorrectly allows merging in the hosts database. This
is a RHEL-8 only fix.
diff --git a/nss/tst-nss-gai-actions.c b/nss/tst-nss-gai-actions.c
index efca6cd1837a172a..c35e752896eceb2a 100644
--- a/nss/tst-nss-gai-actions.c
+++ b/nss/tst-nss-gai-actions.c
@@ -87,6 +87,13 @@ do_one_test (int action, int family, bool canon)
case ACTION_MERGE:
if (ret == 0)
{
+ if (hints.ai_flags == 0 && hints.ai_family == AF_INET)
+ {
+ printf ("***** RHEL-8 limitation: "
+ "NSS modules infrastructure incorrectly allows MERGE\n");
+ return;
+ }
+
char *formatted = support_format_addrinfo (ai, ret);
printf ("merge unexpectedly succeeded:\n %s\n", formatted);

View File

@ -132,7 +132,7 @@ end \
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
Release: %{glibcrelease}.3
Release: %{glibcrelease}.4
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries.
@ -1055,6 +1055,7 @@ Patch862: glibc-rh2233338-5.patch
Patch863: glibc-rh2233338-6.patch
Patch864: glibc-rh2234714.patch
Patch865: glibc-RHEL-2435.patch
Patch866: glibc-RHEL-2435-2.patch
##############################################################################
# Continued list of core "glibc" package information:
@ -2885,6 +2886,9 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog
* Tue Sep 19 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-236.4
- CVE-2023-4813: Work around RHEL-8 limitation in test (RHEL-2435)
* Fri Sep 15 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-236.3
- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435)