From 7f654232b164503908312f223d324cd31f005c28 Mon Sep 17 00:00:00 2001
From: Patsy Franklin <pfrankli@redhat.com>
Date: Tue, 23 Apr 2013 16:52:25 -0400
Subject: [PATCH] Resolves: #892777 #952799   - Increase limits on xdr name and
 record requests (#892777).   - Consistently MANGLE/DEMANGLE init_fct, end_fct
 and btow_fct (#952799).

---
 glibc-rh892777.patch |  61 +++++++++++++++
 glibc-rh952799.patch | 181 +++++++++++++++++++++++++++++++++++++++++++
 glibc.spec           |  10 ++-
 3 files changed, 251 insertions(+), 1 deletion(-)
 create mode 100644 glibc-rh892777.patch
 create mode 100644 glibc-rh952799.patch

diff --git a/glibc-rh892777.patch b/glibc-rh892777.patch
new file mode 100644
index 0000000..03d201c
--- /dev/null
+++ b/glibc-rh892777.patch
@@ -0,0 +1,61 @@
+diff -Nrup a/nis/yp_xdr.c b/nis/yp_xdr.c
+--- a/nis/yp_xdr.c	2012-12-24 22:02:13.000000000 -0500
++++ b/nis/yp_xdr.c	2013-04-17 15:26:50.168999686 -0400
+@@ -32,6 +32,14 @@
+ #include <rpcsvc/yp.h>
+ #include <rpcsvc/ypclnt.h>
+ 
++/* The specification suggests 1024 as a maximum length of all fields, 
++   but current linux systems usually don't use any limits. So, to stay 
++   as much compatible as possible with recent linux systems we choose 
++   limits large enough to avoid problems. */
++
++#define XDRMAXNAME 1024
++#define XDRMAXRECORD 16 * 1024 * 1024
++
+ bool_t
+ xdr_ypstat (XDR *xdrs, ypstat *objp)
+ {
+@@ -49,21 +57,21 @@ libnsl_hidden_def (xdr_ypxfrstat)
+ bool_t
+ xdr_domainname (XDR *xdrs, domainname *objp)
+ {
+-  return xdr_string (xdrs, objp, YPMAXDOMAIN);
++  return xdr_string (xdrs, objp, XDRMAXNAME);
+ }
+ libnsl_hidden_def (xdr_domainname)
+ 
+ bool_t
+ xdr_mapname (XDR *xdrs, mapname *objp)
+ {
+-  return xdr_string (xdrs, objp, YPMAXMAP);
++  return xdr_string (xdrs, objp, XDRMAXNAME);
+ }
+ libnsl_hidden_def (xdr_mapname)
+ 
+ bool_t
+ xdr_peername (XDR *xdrs, peername *objp)
+ {
+-  return xdr_string (xdrs, objp, YPMAXPEER);
++  return xdr_string (xdrs, objp, XDRMAXNAME);
+ }
+ libnsl_hidden_def (xdr_peername)
+ 
+@@ -71,7 +79,7 @@ bool_t
+ xdr_keydat (XDR *xdrs, keydat *objp)
+ {
+   return xdr_bytes (xdrs, (char **) &objp->keydat_val,
+-		    (u_int *) &objp->keydat_len, YPMAXRECORD);
++		    (u_int *) &objp->keydat_len, XDRMAXRECORD);
+ }
+ libnsl_hidden_def (xdr_keydat)
+ 
+@@ -79,7 +87,7 @@ bool_t
+ xdr_valdat (XDR *xdrs, valdat *objp)
+ {
+   return xdr_bytes (xdrs, (char **) &objp->valdat_val,
+-		    (u_int *) &objp->valdat_len, YPMAXRECORD);
++		    (u_int *) &objp->valdat_len, XDRMAXRECORD);
+ }
+ libnsl_hidden_def (xdr_valdat)
+ 
diff --git a/glibc-rh952799.patch b/glibc-rh952799.patch
new file mode 100644
index 0000000..b9aba72
--- /dev/null
+++ b/glibc-rh952799.patch
@@ -0,0 +1,181 @@
+#
+# Red Hat BZ:
+# https://bugzilla.redhat.com/show_bug.cgi?id=816647
+#
+# ChangeLog
+#
+#2013-03-21  Patsy Franklin  <pfrankli@redhat.com>
+#
+#	* iconv/gconv_cache.c (find_module): Demangle init_fct before 
+#	checking for NULL. Mangle __btowc_fct if init_fct is non-NULL.
+#	* iconv/gconv_db.c (free_derivation): Check that __shlib_handle 
+#	is non-NULL before demangling the end_fct.  Check for NULL
+#	end_fct after demangling.
+#	(__gconv_release_step): Demangle the end_fct before checking 
+#	it for NULL.   Remove assert on __shlibc_handle != NULL.
+#	(gen_steps): Don't check btowc_fct for NULL before mangling.  
+#	Demangle init_fct before checking for NULL.
+#	(increment_counter): Likewise
+#	* gconv_dl.c (__gconv_find_shlib): Don't check init_fct or
+#	end_fct for NULL before mangling.
+#	* wcsmbs/btowc.c (__btowc): Demangle btowc_fct before checking
+#	for NULL.
+#
+diff -Nrup a/iconv/gconv_cache.c b/iconv/gconv_cache.c
+--- a/iconv/gconv_cache.c	2013-03-20 14:27:37.963273613 -0400
++++ b/iconv/gconv_cache.c	2013-03-20 14:30:56.705147746 -0400
+@@ -208,17 +208,16 @@ find_module (const char *directory, cons
+       result->__data = NULL;
+ 
+       /* Call the init function.  */
+-      if (result->__init_fct != NULL)
+-	{
+-	  __gconv_init_fct init_fct = result->__init_fct;
++      __gconv_init_fct init_fct = result->__init_fct;
+ #ifdef PTR_DEMANGLE
+-	  PTR_DEMANGLE (init_fct);
++      PTR_DEMANGLE (init_fct);
+ #endif
++      if (result->__init_fct != NULL)
++	{
+ 	  status = DL_CALL_FCT (init_fct, (result));
+ 
+ #ifdef PTR_MANGLE
+-	  if (result->__btowc_fct != NULL)
+-	    PTR_MANGLE (result->__btowc_fct);
++	  PTR_MANGLE (result->__btowc_fct);
+ #endif
+ 	}
+     }
+diff -Nrup a/iconv/gconv_db.c b/iconv/gconv_db.c
+--- a/iconv/gconv_db.c	2013-03-20 14:27:37.963273613 -0400
++++ b/iconv/gconv_db.c	2013-03-21 18:19:28.527148765 -0400
+@@ -180,16 +180,15 @@ free_derivation (void *p)
+   size_t cnt;
+ 
+   for (cnt = 0; cnt < deriv->nsteps; ++cnt)
+-    if (deriv->steps[cnt].__counter > 0
+-	&& deriv->steps[cnt].__end_fct != NULL)
++    if ((deriv->steps[cnt].__counter > 0)
++	&& (deriv->steps[cnt].__shlib_handle != NULL))
+       {
+-	assert (deriv->steps[cnt].__shlib_handle != NULL);
+-
+ 	__gconv_end_fct end_fct = deriv->steps[cnt].__end_fct;
+ #ifdef PTR_DEMANGLE
+ 	PTR_DEMANGLE (end_fct);
+ #endif
+-	DL_CALL_FCT (end_fct, (&deriv->steps[cnt]));
++	if (end_fct != NULL)
++	  DL_CALL_FCT (end_fct, (&deriv->steps[cnt]));
+       }
+ 
+   /* Free the name strings.  */
+@@ -210,16 +209,12 @@ __gconv_release_step (struct __gconv_ste
+   if (step->__shlib_handle != NULL && --step->__counter == 0)
+     {
+       /* Call the destructor.  */
+-      if (step->__end_fct != NULL)
+-	{
+-	  assert (step->__shlib_handle != NULL);
+-
+-	  __gconv_end_fct end_fct = step->__end_fct;
++	__gconv_end_fct end_fct = step->__end_fct;
+ #ifdef PTR_DEMANGLE
+-	  PTR_DEMANGLE (end_fct);
++	PTR_DEMANGLE (end_fct);
+ #endif
+-	  DL_CALL_FCT (end_fct, (step));
+-	}
++      if (end_fct != NULL)
++	DL_CALL_FCT (end_fct, (step));
+ 
+ #ifndef STATIC_GCONV
+       /* Release the loaded module.  */
+@@ -291,13 +286,11 @@ gen_steps (struct derivation_step *best,
+ 
+ 	      /* Call the init function.  */
+ 	      __gconv_init_fct init_fct = result[step_cnt].__init_fct;
+-	      if (init_fct != NULL)
+-		{
+-		  assert (result[step_cnt].__shlib_handle != NULL);
+-
+ # ifdef PTR_DEMANGLE
+-		  PTR_DEMANGLE (init_fct);
++	      PTR_DEMANGLE (init_fct);
+ # endif
++	      if (init_fct != NULL)
++		{
+ 		  status = DL_CALL_FCT (init_fct, (&result[step_cnt]));
+ 
+ 		  if (__builtin_expect (status, __GCONV_OK) != __GCONV_OK)
+@@ -310,8 +303,7 @@ gen_steps (struct derivation_step *best,
+ 		    }
+ 
+ # ifdef PTR_MANGLE
+-		  if (result[step_cnt].__btowc_fct != NULL)
+-		    PTR_MANGLE (result[step_cnt].__btowc_fct);
++		  PTR_MANGLE (result[step_cnt].__btowc_fct);
+ # endif
+ 		}
+ 	    }
+@@ -391,16 +383,15 @@ increment_counter (struct __gconv_step *
+ 
+ 	  /* Call the init function.  */
+ 	  __gconv_init_fct init_fct = step->__init_fct;
+-	  if (init_fct != NULL)
+-	    {
+ #ifdef PTR_DEMANGLE
+-	      PTR_DEMANGLE (init_fct);
++	  PTR_DEMANGLE (init_fct);
+ #endif
++	  if (init_fct != NULL)
++	    {
+ 	      DL_CALL_FCT (init_fct, (step));
+ 
+ #ifdef PTR_MANGLE
+-	      if (step->__btowc_fct != NULL)
+-		PTR_MANGLE (step->__btowc_fct);
++	      PTR_MANGLE (step->__btowc_fct);
+ #endif
+ 	    }
+ 	}
+diff -Nrup a/iconv/gconv_dl.c b/iconv/gconv_dl.c
+--- a/iconv/gconv_dl.c	2005-12-19 02:23:44.000000000 -0500
++++ b/iconv/gconv_dl.c	2013-03-20 14:30:56.707148662 -0400
+@@ -133,10 +133,8 @@ __gconv_find_shlib (const char *name)
+ 
+ #ifdef PTR_MANGLE
+ 		  PTR_MANGLE (found->fct);
+-		  if (found->init_fct != NULL)
+-		    PTR_MANGLE (found->init_fct);
+-		  if (found->end_fct !=  NULL)
+-		    PTR_MANGLE (found->end_fct);
++		  PTR_MANGLE (found->init_fct);
++		  PTR_MANGLE (found->end_fct);
+ #endif
+ 
+ 		  /* We have succeeded in loading the shared object.  */
+diff -Nrup a/wcsmbs/btowc.c b/wcsmbs/btowc.c
+--- a/wcsmbs/btowc.c	2005-12-19 02:24:47.000000000 -0500
++++ b/wcsmbs/btowc.c	2013-03-21 18:20:35.590148608 -0400
+@@ -48,15 +48,15 @@ __btowc (c)
+   /* Get the conversion functions.  */
+   fcts = get_gconv_fcts (_NL_CURRENT_DATA (LC_CTYPE));
+   __gconv_btowc_fct btowc_fct = fcts->towc->__btowc_fct;
++#ifdef PTR_DEMANGLE
++  if (fcts->towc->__shlib_handle != NULL)
++    PTR_DEMANGLE (btowc_fct);
++#endif
+ 
+   if (__builtin_expect (fcts->towc_nsteps == 1, 1)
+       && __builtin_expect (btowc_fct != NULL, 1))
+     {
+       /* Use the shortcut function.  */
+-#ifdef PTR_DEMANGLE
+-      if (fcts->towc->__shlib_handle != NULL)
+-	PTR_DEMANGLE (btowc_fct);
+-#endif
+       return DL_CALL_FCT (btowc_fct, (fcts->towc, (unsigned char) c));
+     }
+   else
diff --git a/glibc.spec b/glibc.spec
index b40d6c4..f44847e 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -27,7 +27,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 5%{?dist}
+Release: 6%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -108,6 +108,8 @@ Patch0034: %{name}-fedora-elf-init-hidden_undef.patch
 
 # Needs to be sent upstream
 Patch0035: %{name}-rh911307.patch
+Patch0036: %{name}-rh892777.patch
+Patch0037: %{name}-rh952799.patch
 
 #
 # Patches from upstream
@@ -406,6 +408,8 @@ package or when debugging this package.
 %patch0034 -p1
 %patch2028 -p1
 %patch0035 -p1
+%patch0036 -p1
+%patch0037 -p1
 %patch2029 -p1
 %patch1030 -p1
 
@@ -1207,6 +1211,10 @@ rm -f *.filelist*
 %endif
 
 %changelog
+* Tue Apr 23 2013 Patsy Franklin <pfrankli@redhat.com> - 2.17-6
+  - Increase limits on xdr name and record requests (#892777).
+  - Consistently MANGLE/DEMANGLE init_fct, end_fct and btow_fct (#952799).
+
 * Thu Mar 28 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-5
   - Don't add input group during initgroups_dyn in hesiod (#921760).