Gecko [ v99win.today ]

Name	Size	Permission
CVE-2023-4806-pre1.patch	1.7 KB	-rw-r--r--
CVE-2023-4806-pre10.patch	5.45 KB	-rw-r--r--
CVE-2023-4806-pre11.patch	5.99 KB	-rw-r--r--
CVE-2023-4806-pre12.patch	1.31 KB	-rw-r--r--
CVE-2023-4806-pre2.patch	7.2 KB	-rw-r--r--
CVE-2023-4806-pre3.patch	2.93 KB	-rw-r--r--
CVE-2023-4806-pre4.patch	8.29 KB	-rw-r--r--
CVE-2023-4806-pre5.patch	31.86 KB	-rw-r--r--
CVE-2023-4806-pre6.patch	4.75 KB	-rw-r--r--
CVE-2023-4806-pre7.patch	9.25 KB	-rw-r--r--
CVE-2023-4806-pre8.patch	19.66 KB	-rw-r--r--
CVE-2023-4806-pre9.patch	5.16 KB	-rw-r--r--
CVE-2023-4806.patch	12.16 KB	-rw-r--r--
CVE-2023-4813.patch	25.4 KB	-rw-r--r--
CVE-2023-4911.patch	2 KB	-rw-r--r--
CVE-2023-5156.patch	3.19 KB	-rw-r--r--
CVE-2024-2961.patch	6.92 KB	-rw-r--r--
CVE-2025-0395.patch	2.16 KB	-rw-r--r--
CVE-2025-4802.patch	2.44 KB	-rw-r--r--
git-surplus-tls-accounting.dif...	40.23 KB	-rw-r--r--
local-asserth-decls.diff	1.13 KB	-rw-r--r--
local-bindresvport_blacklist.d...	3.31 KB	-rw-r--r--
local-bootstrap-headers.diff	3.17 KB	-rw-r--r--
local-disable-libnss-db.diff	478 B	-rw-r--r--
local-fhs-linux-paths.diff	1 KB	-rw-r--r--
local-fhs-nscd.diff	855 B	-rw-r--r--
local-ld-multiarch.diff	1.32 KB	-rw-r--r--
local-ldconfig-ignore-ld.so.di...	1.47 KB	-rw-r--r--
local-ldconfig-multiarch.diff	1.51 KB	-rw-r--r--
local-ldso-disable-hwcap.diff	3.71 KB	-rw-r--r--
local-nss-overflow.diff	1.93 KB	-rw-r--r--
local-nss-upgrade.diff	956 B	-rw-r--r--
local-revert-bz13979.diff	1.43 KB	-rw-r--r--
local-stubs_h.diff	432 B	-rw-r--r--
local-tcsetaddr.diff	2.83 KB	-rw-r--r--
local-test-install.diff	612 B	-rw-r--r--
submitted-bits-fcntl_h-at.diff	5.08 KB	-rw-r--r--
submitted-ld.so-cache-new-form...	2.27 KB	-rw-r--r--
submitted-missing-etc-hosts.di...	306 B	-rw-r--r--
submitted-nptl-invalid-td.patc...	883 B	-rw-r--r--
submitted-resolv-unaligned.dif...	3.04 KB	-rw-r--r--
unsubmitted-ldso-machine-misma...	444 B	-rw-r--r--

Code Editor : local-bindresvport_blacklist.diff

Patch from the OpenSUSE glibc

---
 inet/bindresvport.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 99 insertions(+), 8 deletions(-)

--- a/inet/bindresvport.c
+++ b/inet/bindresvport.c
@@ -29,7 +29,10 @@
  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include <stdio.h>
+#include <ctype.h>
 #include <errno.h>
+#include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
 #include <sys/types.h>
@@ -37,6 +40,85 @@
 #include <netinet/in.h>
 #include <libc-lock.h>
 
+#define STARTPORT 600
+#define LOWPORT 512
+#define ENDPORT (IPPORT_RESERVED - 1)
+#define NPORTS	(ENDPORT - STARTPORT + 1)
+
+/*
+ * Read the file /etc/rpc.blacklisted, so that we don't bind
+ * to this ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+  FILE *fp;
+  char *buf = NULL;
+  size_t buflen = 0;
+  int size = 0, ptr = 0;
+
+  blacklist_read = 1;
+
+  fp = fopen ("/etc/bindresvport.blacklist", "r");
+  if (NULL == fp)
+    return;
+
+  while (!feof_unlocked (fp))
+    {
+      unsigned long port;
+      char *tmp, *cp;
+      ssize_t n = __getline (&buf, &buflen, fp);
+      if (n < 1)
+        break;
+
+      cp = buf;
+      tmp = strchr (cp, '#');  /* remove comments */
+      if (tmp)
+        *tmp = '\0';
+      while (isspace ((int)*cp))    /* remove spaces and tabs */
+        ++cp;
+      if (*cp == '\0')        /* ignore empty lines */
+        continue;
+      if (cp[strlen (cp) - 1] == '\n')
+        cp[strlen (cp) - 1] = '\0';
+
+      port = strtoul (cp, &tmp, 0);
+      while (isspace(*tmp))
+        ++tmp;
+      if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+	continue;
+
+      /* Don't bother with out-of-range ports */
+      if (port < LOWPORT || port > ENDPORT)
+        continue;
+
+      if (ptr >= size)
+	{
+	  size += 10;
+	  list = realloc (list, size * sizeof (int));
+	  if (list == NULL)
+	    {
+	      free (buf);
+	      return;
+	    }
+	}
+
+      list[ptr++] = port;
+    }
+
+  fclose (fp);
+
+  if (buf)
+    free (buf);
+
+  list_size = ptr;
+}
+
 /*
  * Locks the static variables in this file.
  */
@@ -48,15 +130,13 @@
 int
 bindresvport (int sd, struct sockaddr_in *sin)
 {
+  static short startport = STARTPORT;
   static short port;
   struct sockaddr_in myaddr;
   int i;
 
-#define STARTPORT 600
-#define LOWPORT 512
-#define ENDPORT (IPPORT_RESERVED - 1)
-#define NPORTS	(ENDPORT - STARTPORT + 1)
-  static short startport = STARTPORT;
+  if (!blacklist_read)
+    load_blacklist ();
 
   if (sin == (struct sockaddr_in *) 0)
     {
@@ -75,6 +155,7 @@
       port = (__getpid () % NPORTS) + STARTPORT;
     }
 
+  __set_errno (EADDRINUSE);
   /* Initialize to make gcc happy.  */
   int res = -1;
 
@@ -86,12 +167,22 @@
  again:
   for (i = 0; i < nports; ++i)
     {
-      sin->sin_port = htons (port++);
-      if (port > endport)
-	port = startport;
+      int j;
+
+      sin->sin_port = htons (port);
+
+      /* Check, if this port is not blacklisted.  */
+      for (j = 0; j < list_size; j++)
+	if (port == list[j])
+	  goto try_next_port;
+
       res = __bind (sd, sin, sizeof (struct sockaddr_in));
       if (res >= 0 || errno != EADDRINUSE)
 	break;
+
+try_next_port:
+      if (++port > endport)
+	port = startport;
     }
 
   if (i == nports && startport != LOWPORT)

${this.title}

Code Editor : local-bindresvport_blacklist.diff