Gecko [ v99win.today ]

Name	Size	Permission
CVE-2023-4806-pre1.patch	1.7 KB	-rw-r--r--
CVE-2023-4806-pre10.patch	5.45 KB	-rw-r--r--
CVE-2023-4806-pre11.patch	5.99 KB	-rw-r--r--
CVE-2023-4806-pre12.patch	1.31 KB	-rw-r--r--
CVE-2023-4806-pre2.patch	7.2 KB	-rw-r--r--
CVE-2023-4806-pre3.patch	2.93 KB	-rw-r--r--
CVE-2023-4806-pre4.patch	8.29 KB	-rw-r--r--
CVE-2023-4806-pre5.patch	31.86 KB	-rw-r--r--
CVE-2023-4806-pre6.patch	4.75 KB	-rw-r--r--
CVE-2023-4806-pre7.patch	9.25 KB	-rw-r--r--
CVE-2023-4806-pre8.patch	19.66 KB	-rw-r--r--
CVE-2023-4806-pre9.patch	5.16 KB	-rw-r--r--
CVE-2023-4806.patch	12.16 KB	-rw-r--r--
CVE-2023-4813.patch	25.4 KB	-rw-r--r--
CVE-2023-4911.patch	2 KB	-rw-r--r--
CVE-2023-5156.patch	3.19 KB	-rw-r--r--
CVE-2024-2961.patch	6.92 KB	-rw-r--r--
CVE-2025-0395.patch	2.16 KB	-rw-r--r--
CVE-2025-4802.patch	2.44 KB	-rw-r--r--
git-surplus-tls-accounting.dif...	40.23 KB	-rw-r--r--
local-asserth-decls.diff	1.13 KB	-rw-r--r--
local-bindresvport_blacklist.d...	3.31 KB	-rw-r--r--
local-bootstrap-headers.diff	3.17 KB	-rw-r--r--
local-disable-libnss-db.diff	478 B	-rw-r--r--
local-fhs-linux-paths.diff	1 KB	-rw-r--r--
local-fhs-nscd.diff	855 B	-rw-r--r--
local-ld-multiarch.diff	1.32 KB	-rw-r--r--
local-ldconfig-ignore-ld.so.di...	1.47 KB	-rw-r--r--
local-ldconfig-multiarch.diff	1.51 KB	-rw-r--r--
local-ldso-disable-hwcap.diff	3.71 KB	-rw-r--r--
local-nss-overflow.diff	1.93 KB	-rw-r--r--
local-nss-upgrade.diff	956 B	-rw-r--r--
local-revert-bz13979.diff	1.43 KB	-rw-r--r--
local-stubs_h.diff	432 B	-rw-r--r--
local-tcsetaddr.diff	2.83 KB	-rw-r--r--
local-test-install.diff	612 B	-rw-r--r--
submitted-bits-fcntl_h-at.diff	5.08 KB	-rw-r--r--
submitted-ld.so-cache-new-form...	2.27 KB	-rw-r--r--
submitted-missing-etc-hosts.di...	306 B	-rw-r--r--
submitted-nptl-invalid-td.patc...	883 B	-rw-r--r--
submitted-resolv-unaligned.dif...	3.04 KB	-rw-r--r--
unsubmitted-ldso-machine-misma...	444 B	-rw-r--r--

Code Editor : CVE-2023-5156.patch

Origin: backport, https://sourceware.org/git/?p=glibc.git;a=commit;h=17092c0311f954e6f3c010f73ce3a78c24ac279a

From 17092c0311f954e6f3c010f73ce3a78c24ac279a Mon Sep 17 00:00:00 2001
From: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon, 25 Sep 2023 01:21:51 +0100
Subject: [PATCH] Fix leak in getaddrinfo introduced by the fix for
 CVE-2023-4806 [BZ #30843]

This patch fixes a very recently added leak in getaddrinfo.

This was assigned CVE-2023-5156.

Resolves: BZ #30884
Related: BZ #30842

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
---
 nss/Makefile                    | 20 ++++++++++++++++++++
 nss/tst-nss-gai-hv2-canonname.c |  3 +++
 sysdeps/posix/getaddrinfo.c     |  4 +---
 3 files changed, 24 insertions(+), 3 deletions(-)

Index: glibc-2.35/nss/Makefile
===================================================================
--- glibc-2.35.orig/nss/Makefile
+++ glibc-2.35/nss/Makefile
@@ -145,6 +145,15 @@ tests-static		+= tst-nss-static
 endif
 extra-test-objs		+= nss_test1.os nss_test2.os nss_test_gai_hv2_canonname.os
 
+ifeq ($(run-built-tests),yes)
+ifneq (no,$(PERL))
+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
+endif
+endif
+
+generated += mtrace-tst-nss-gai-hv2-canonname.out \
+		tst-nss-gai-hv2-canonname.mtrace
+
 include ../Rules
 
 ifeq (yes,$(have-selinux))
@@ -209,6 +218,17 @@ endif
 $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
 $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
 
+tst-nss-gai-hv2-canonname-ENV = \
+		MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
+		LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
+  $(objpfx)tst-nss-gai-hv2-canonname.out
+	{ test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
+	|| ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \
+	&& $(common-objpfx)malloc/mtrace \
+	$(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
+	$(evaluate-test)
+
 # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
 # functions can load testing NSS modules via DT_RPATH.
 LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
Index: glibc-2.35/nss/tst-nss-gai-hv2-canonname.c
===================================================================
--- glibc-2.35.orig/nss/tst-nss-gai-hv2-canonname.c
+++ glibc-2.35/nss/tst-nss-gai-hv2-canonname.c
@@ -21,6 +21,7 @@
 #include <netdb.h>
 #include <stdlib.h>
 #include <string.h>
+#include <mcheck.h>
 #include <support/check.h>
 #include <support/xstdio.h>
 #include "nss/tst-nss-gai-hv2-canonname.h"
@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av
 static int
 do_test (void)
 {
+  mtrace ();
+
   __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
 
   struct addrinfo hints = {};
Index: glibc-2.35/sysdeps/posix/getaddrinfo.c
===================================================================
--- glibc-2.35.orig/sysdeps/posix/getaddrinfo.c
+++ glibc-2.35/sysdeps/posix/getaddrinfo.c
@@ -1196,9 +1196,7 @@ free_and_return:
   if (malloc_name)
     free ((char *) name);
   free (addrmem);
-  if (res.free_at)
-    free (res.at);
-  free (res.canon);
+  gaih_result_reset (&res);
 
   return result;
 }

${this.title}

Code Editor : CVE-2023-5156.patch