Resolves#16072 (CVE-2013-4458).
This patch fixes another stack overflow in getaddrinfo when it is
called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914,
but the AF_INET6 case went undetected back then.
[BZ #9954]
With the following /etc/hosts:
127.0.0.1 www.my-domain.es
127.0.1.1 www.my-domain.es
192.168.0.1 www.my-domain.es
Using getaddrinfo() on www.my-domain.es, trigger the following assertion:
../sysdeps/posix/getaddrinfo.c:1473: rfc3484_sort: Assertion
`src->results[i].native == -1 || src->results[i].native == a1_native' failed.
This is due to two different bugs:
- In rfc3484_sort() rule 7, src->results[i].native is assigned even if
src->results[i].index is -1, meaning that no interface is associated.
- In getaddrinfo() the source IP address used with the lo interface needs a
special case, as it can be any IP within 127.X.Y.Z.
The Secure RPC implementation in glibc uses DES encryption
during authentication of the user. This use of DES means
that anyone using Sun RPC will likely not be compliant
with FIPS 140-2 which forbids the use of DES.
One solution to the compliance issue is to disable AUTH_DES
and AUTH_KERB, both use DES, when in FIPS compliance mode.
This is not a good idea because it disables all of the even
mildly secure methods of authentication allowing only plain
text methods.
Instead we leave AUTH_DES and AUTH_KERB enabled in FIPS
compliance mode and document the compliance issue in the
manual. FIPS allows this, that is to say that if you can't
fix it you must document the non-compliance.
This commit adds documentation to that effect in the
"DES encryption and password handling" section of the
manual.
The localedef --list-archive option claims that it can
accept a [file] argument and list the contents of that
archive. The support was never implemented. This patch
adds that support and allows --list-archive to work as
expected. You can now use localedef to list the contents
of arbitrary locale archives by using:
./localedef --list-archive file
It was noted in 2005 (BZ #832), 2006 (BZ #3266), and 2007 [1] that ldd
fails on shells other than Bash >= 3.0 because of the pipefail option
around try_trace (added on 2004-12-08). EGLIBC was patched in 2008 [2]
(r6912) to make the pipefail check run only on shells that support it,
but RTLD output would still be lost on other shells with certain SELinux
policies.
This patch rewrites try_trace to work on any POSIX-conformant shell in
such a way as to also work with such SELinux policies. It also obviates
one difference between glibc and EGLIBC.
URL: https://sourceware.org/ml/libc-alpha/2007-01/msg00041.html
URL: http://www.eglibc.org/archives/patches/msg00526.html
2013-09-11 P. J. McDermott <pj@pehjota.net>
[BZ #832]
* elf/ldd.bash.in (try_trace): More robustly and portably work around
SELinux terminal write permissions by using a command substitution
instead of a pipeline and pipefail option.
Add systemtap probes to various slow paths in libm so that application
developers may use systemtap to find out if their applications are
hitting these slow paths. We have added probes for pow, exp, log,
tan, atan and atan2.
Partially revert commits 2b766585f9 and
de2fd463b1, which were intended to fix BZ#11741
but caused another, likely worse bug, namely that fwrite() and fputs() could,
in an error path, read data beyond the end of the specified buffer, and
potentially even write this data to the file.
Fix BZ#11741 properly by checking the return value from _IO_padn() in
stdio-common/vfprintf.c.
A large value of bytes passed to memalign_check can cause an integer
overflow in _int_memalign and heap corruption. This issue can be
exposed by running tst-memalign with MALLOC_CHECK_=3.
ChangeLog:
2013-10-10 Will Newton <will.newton@linaro.org>
* malloc/hooks.c (memalign_check): Ensure the value of bytes
passed to _int_memalign does not overflow.