2.18_12-1

1 files changed, 41 insertions, 0 deletions

diff --git a/glibc-2.18-getaddrinfo-CVE-2013-4458.patch b/glibc-2.18-getaddrinfo-CVE-2013-4458.patch
new file mode 100644
index 000000000000..a7bc67c6f26c
--- /dev/null
+++ b/glibc-2.18-getaddrinfo-CVE-2013-4458.patch
@@ -0,0 +1,41 @@
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index e6ce4cf..8ff74b4 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ 				&rc, &herrno, NULL, &localcanon));	      \
+     if (rc != ERANGE || herrno != NETDB_INTERNAL)			      \
+       break;								      \
+-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);		      \
++    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    \
++      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,	      \
++				      alloca_used);			      \
++    else								      \
++      {									      \
++	char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,		      \
++			      2 * tmpbuflen);				      \
++	if (newp == NULL)						      \
++	  {								      \
++	    result = -EAI_MEMORY;					      \
++	    goto free_and_return;					      \
++	  }								      \
++	tmpbuf = newp;							      \
++	malloc_tmpbuf = true;						      \
++	tmpbuflen = 2 * tmpbuflen;					      \
++      }									      \
+   }									      \
+   if (status == NSS_STATUS_SUCCESS && rc == 0)				      \
+     h = &th;								      \
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ 	{								      \
+ 	  __set_h_errno (herrno);					      \
+ 	  _res.options |= old_res_options & RES_USE_INET6;		      \
+-	  return -EAI_SYSTEM;						      \
++	  result = -EAI_SYSTEM;						      \
++	  goto free_and_return;						      \
+ 	}								      \
+       if (herrno == TRY_AGAIN)						      \
+ 	no_data = EAI_AGAIN;						      \
+-- 
+1.8.4.1
+