This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/17630] endless loop in getaddr_r (CVE-2014-9402)


https://sourceware.org/bugzilla/show_bug.cgi?id=17630

--- Comment #15 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, ibm/2.20/master has been created
        at  6831ddb38379c1924bd19b3203d161a4c3ed1e2e (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6831ddb38379c1924bd19b3203d161a4c3ed1e2e

commit 6831ddb38379c1924bd19b3203d161a4c3ed1e2e
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Sun Jan 11 19:33:17 2015 -0600

    powerpc: Fix POWER7/PPC64 performance regression on LE

    This patch fixes a performance regression on the POWER7/PPC64 memcmp
    porting for Little Endian.  The LE code uses 'ldbrx' instruction to read
    the memory on byte reversed form, however ISA 2.06 just provide the indexed
    form which uses a register value as additional index, instead of a fixed
value
    enconded in the instruction.

    And the port strategy for LE uses r0 index value and update the address
    value on each compare loop interation.  For large compare size values,
    it adds 8 more instructions plus some more depending of trailing
    size.  This patch fixes it by adding pre-calculate indexes to remove the
    address update on loops and tailing sizes.

    For large sizes it shows a considerable gain, with double performance
    pairing with BE.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=473b6083820fd156985bf7b2cb60db9d4031b536

commit 473b6083820fd156985bf7b2cb60db9d4031b536
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Fri Jan 9 16:04:26 2015 -0500

    powerpc: Optimized strncmp for POWER8/PPC64

    This patch adds an optimized POWER8 strncmp.  The implementation focus
    on speeding up unaligned cases follwing the ideas of power8 strcmp.

    The algorithm first check the initial 16 bytes, then align the first
    function source and uses unaligned loads on second argument only.
    Aditional checks for page boundaries are done for unaligned cases
    (where sources alignment are different).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=299b9464d9a1a48bbcfbc1c7a99604091ec5248f

commit 299b9464d9a1a48bbcfbc1c7a99604091ec5248f
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date:   Fri Jan 9 11:56:35 2015 -0500

    powerpc: Optimize POWER7 strcmp trailing checks

    This patch optimized the POWER7 trailing check by avoiding using byte
    read operations and instead use the doubleword already readed with
    bitwise operations.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f0685edc6676c7266fdc30fd0769fb88d058f04

commit 6f0685edc6676c7266fdc30fd0769fb88d058f04
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Jan 7 07:18:30 2015 -0500

    powerpc: Optimized strcmp for POWER8/PPC64

    This patch adds an optimized POWER8 strcmp using unaligned accesses.
    The algorithm first check the initial 16 bytes, then align the first
    function source and uses unaligned loads on second argument only.
    Aditional checks for page boundaries are done for unaligned cases

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a38f68f12fd03374d599eeb0b6943e50b0ff7348

commit a38f68f12fd03374d599eeb0b6943e50b0ff7348
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Dec 31 11:47:41 2014 -0500

    powerpc: Optimized st{r,p}ncpy for POWER8/PPC64

    This patch adds an optimized POWER8 st{r,p}ncpy using unaligned accesses.
    It shows 10%-80% improvement over the optimized POWER7 one that uses
    only aligned accesses, specially on unaligned inputs.

    The algorithm first read and check 16 bytes (if inputs do not cross a 4K
    page size).  The it realign source to 16-bytes and issue a 16 bytes read
    and compare loop to speedup null byte checks for large strings.  Also,
    different from POWER7 optimization, the null pad is done inline in the
    implementation using possible unaligned accesses, instead of realying on
    a memset call.  Special case is added for page cross reads.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4242356131256e54ca3e96b0c6f2af773b7a69c8

commit 4242356131256e54ca3e96b0c6f2af773b7a69c8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Dec 23 13:39:23 2014 -0500

    powerpc: Optimized strncat for POWER7/PPC64

    With 3eb38795dbbbd816 (Simplify strncat) the generic algorithms uses
    strlen, strnlen, and memcpy.  This is faster than POWER7 current
    implementation, especially for unaligned strings (where POWER7 code
    uses byte-byte operations).

    This patch removes the assembly implementation and uses a multiarch
    specialization based on default algorithm calling optimized POWER7
    symbols.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11ce06e589429143595a6c4b60ac7ab6372201b1

commit 11ce06e589429143595a6c4b60ac7ab6372201b1
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Dec 23 13:36:34 2014 -0500

    powerpc: Optimized strcat for POWER8/PPC64

    With new optimized strcpy for POWER8, this patch adds an optimized
    strcat which uses it along with default implementation at strings/.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728856f02f74b60a546499c5bd8492d1726f98

commit a9728856f02f74b60a546499c5bd8492d1726f98
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Dec 23 05:59:44 2014 -0600

    powerpc: Optimized st{r,p}cpy for POWER8/PPC64

    This patch adds an optimized POWER8 strcpy using unaligned accesses.
    For strings up to 16 bytes the implementation first calculate the
    string size, like strlen, and issues a memcpy.  For larger strings,
    source is first aligned to 16 bytes and then tested over a loop that
    reads 16 bytes am combine the cmpb results for speedup.  Special case is
    added for page cross reads.

    It shows 30%-60% improvement over the optimized POWER7 one that uses
    only aligned accesses.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b53db929e654aaf97a2a239e17a87b04c768b854

commit b53db929e654aaf97a2a239e17a87b04c768b854
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date:   Wed Dec 31 14:05:00 2014 -0500

    powerpc: POWER7 strcpy optimization for unaligned strings

    This patch optimizes strcpy for ppc64/power7 for unaligned source or
    destination address.  The source or destination address is aligned
    to doubleword and data is shifted based on the alignment and
    added with the previous loaded data to be written as a doubleword.
    For each load, cmpb instruction is used for faster null check.

    The word aligned optimization is also removed, since the new unaligned
    code path shows better results handling word-aligned strings.

    More combination of unaligned inputs is also added in benchtest
    to measure the improvement.The new optimization shows 2 to 80% of
    performance improvement for longer string though it does not show
    big difference on string size less than 16 due to additional checks.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f4f9fb08d49740d9f18918bcf9d45ca594f416ee

commit f4f9fb08d49740d9f18918bcf9d45ca594f416ee
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Dec 15 17:41:13 2014 +0100

    Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b

commit 5985c6ea868db23380977a35a2167549f9a3653b
Author: Jeff Law <law@redhat.com>
Date:   Mon Dec 15 10:09:32 2014 +0100

    CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]

    A larger number of format specifiers coudld cause a stack overflow,
    potentially allowing to bypass _FORTIFY_SOURCE format string
    protection.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8647419a62d1d5641488ca6430bb679cf1e766e0

commit 8647419a62d1d5641488ca6430bb679cf1e766e0
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Nov 19 16:27:56 2014 -0500

    powerpc: Add powerpc64 strpbrk optimization

    This patch makes the POWER7 optimized strpbrk generic by using
    default doubleword stores to zero the hash, instead of VSX
    instructions.  Performance on POWER7/POWER8 does not change.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9f30622819b4d3685c0d448f3a3d49032472b07

commit f9f30622819b4d3685c0d448f3a3d49032472b07
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Nov 19 15:24:55 2014 -0500

    powerpc: Add powerpc64 strcspn optimization

    This patch makes the POWER7 optimized strcspn generic by using
    default doubleword stores to zero the hash, instead of VSX
    instructions.  Performance on POWER7/POWER8 does not change.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97104a4e2b866aae6a6593286b6c584339ef29d3

commit 97104a4e2b866aae6a6593286b6c584339ef29d3
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Nov 19 14:24:18 2014 -0500

    powerpc: Add powerpc64 strspn optimization

    This patch makes the POWER7 optimized strspn generic by using
    default doubleword stores to zero the hash, instead of VSX
    instructions. Performance on POWER7/POWER8 machines does not changed.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d3e53c8246952898cd1fd23dfa0657b03db0e36b

commit d3e53c8246952898cd1fd23dfa0657b03db0e36b
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date:   Mon Dec 1 09:03:58 2014 -0500

    powerpc: strtok{_r} optimization for powerpc64

    This patch optimizes strtok and strtok_r for POWERPC64.
    A table of 256 characters is created and marked based on
    the 'accept' argument and used to check for any occurance on
    the input string.Loop unrolling is also used to gain improvements.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8b063985c1a750a1947fcf60e4606a3b0d7d0f37

commit 8b063985c1a750a1947fcf60e4606a3b0d7d0f37
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Nov 25 14:32:54 2014 -0500

    powerpc: Fix missing barriers in atomic_exchange_and_add_{acq,rel}

    On powerpc, atomic_exchange_and_add is implemented without any
    barriers.  This patchs adds the missing instruction and memory barrier
    for acquire and release semanthics.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=364c58517bdcc91c5bf1fcb57b4befff8951a51b

commit 364c58517bdcc91c5bf1fcb57b4befff8951a51b
Author: Anton Blanchard <anton@samba.org>
Date:   Tue Nov 25 07:26:12 2014 -0500

    powerpc: Fix __arch_compare_and_exchange_bool_64_rel

    Fix a typo in the inline assembly.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=133a24ba079abf1e762bd4d85670e0bd8df660c4

commit 133a24ba079abf1e762bd4d85670e0bd8df660c4
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Nov 19 11:44:12 2014 -0500

    CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.

    The function wordexp() fails to properly handle the WRDE_NOCMD
    flag when processing arithmetic inputs in the form of "$((... ``))"
    where "..." can be anything valid. The backticks in the arithmetic
    epxression are evaluated by in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form, and bypass
    the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
    in exec_comm(), the only place that can execute a shell. All other
    checks for WRDE_NOCMD are superfluous and removed.

    We expand the testsuite and add 3 new regression tests of roughly
    the same form but with a couple of nested levels.

    On top of the 3 new tests we add fork validation to the WRDE_NOCMD
    testing. If any forks are detected during the execution of a wordexp()
    call with WRDE_NOCMD, the test is marked as failed. This is slightly
    heuristic since vfork might be used in the future, but it provides a
    higher level of assurance that no shells were executed as part of
    command substitution with WRDE_NOCMD in effect. In addition it doesn't
    require libpthread or libdl, instead we use the public implementation
    namespace function __register_atfork (already part of the public ABI
    for libpthread).

    Tested on x86_64 with no regressions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8fbd413672816a429adc6b6c191ec8ea73421e8

commit f8fbd413672816a429adc6b6c191ec8ea73421e8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Nov 5 08:01:09 2014 -0500

    powerpc: Simplify encoding of POWER8 instruction

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e154589132de915ef165a1e26f89ba6997170c2b

commit e154589132de915ef165a1e26f89ba6997170c2b
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Nov 3 07:26:33 2014 -0500

    powerpc: Fix encoding of POWER8 instruction

    This patch adds a binary encoding for 'mtvsrd' instruction to avoid
    build failures when assembler does not support POWER8.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46f58099960f7a2603c37c540d2644e392f0fdc7

commit 46f58099960f7a2603c37c540d2644e392f0fdc7
Author: Torvald Riegel <triegel@redhat.com>
Date:   Sat Oct 18 01:01:58 2014 +0200

    powerpc: Change atomic_write_barrier to have release semantics.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f892cacbdf50322bc3ee2e131c105c71b495086

commit 5f892cacbdf50322bc3ee2e131c105c71b495086
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Jul 15 12:19:09 2014 -0400

    PowerPC: memset optimization for POWER8/PPC64

    This patch adds an optimized memset implementation for POWER8.  For
    sizes from 0 to 255 bytes, a word/doubleword algorithm similar to
    POWER7 optimized one is used.

    For size higher than 255 two strategies are used:

    1. If the constant is different than 0, the memory is written with
       altivec vector instruction;

    2. If constant is 0, dbcz instructions are used.  The loop is unrolled
       to clear 512 byte at time.

    Using vector instructions increases throughput considerable, with a
    double performance for sizes larger than 1024.  The dcbz loops unrolls
    also shows performance improvement, by doubling throughput for sizes
    larger than 8192 bytes.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6bb56b6914e6435e251814a3a0ccd7fb65a7e36

commit e6bb56b6914e6435e251814a3a0ccd7fb65a7e36
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Jul 15 16:54:46 2014 -0400

    PowerPC: multiarch bzero cleanup for PPC64

    This patch cleanups the multiarch bzero for powerpc64 by remove
    the multiarch objects and use instead the the memset embedded
    implementation presented in each multiarch optimization.  The
    code generate is essentially the same, but the TB_TOCLESS (which
    is not essential).

    Conflicts:
        ChangeLog

    This is backport of 3b473fecdf4c52989cd915b649bb6d26c042d048.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10f5f4c8edc35b4c3912456ffee820975e20a50b

commit 10f5f4c8edc35b4c3912456ffee820975e20a50b
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Fri Nov 15 07:44:20 2013 -0600

    Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c

    This change is necessary in order to avoid the issue documented at
    http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6f905009b29769bd27077389ce4379d5de80df2

commit e6f905009b29769bd27077389ce4379d5de80df2
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Nov 15 07:42:33 2013 -0600

    Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.

-----------------------------------------------------------------------

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]