This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.28.9000-321-gd527c86

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 27 Nov 2018 17:13:16 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.28.9000-321-gd527c86

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  d527c860f5a3f0ed687bd03f0cb464612dc23408 (commit)
      from  979cfed05d0ee5a9d81d310ea1eb2d590739e36b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408

commit d527c860f5a3f0ed687bd03f0cb464612dc23408
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Nov 27 16:12:43 2018 +0100

    CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

diff --git a/ChangeLog b/ChangeLog
index 9bf877e..086cbd4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2018-11-27  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #23927]
+	CVE-2018-19591
+	* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Avoid
+	descriptor leak in case of ENODEV error.
+
 2018-11-27  Rafael Ã?vila de EspÃndola  <rafael@espindo.la>
 
 	[BZ #19767]
diff --git a/NEWS b/NEWS
index f488821..1098be1 100644
--- a/NEWS
+++ b/NEWS
@@ -57,7 +57,9 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
+  denial of service due to resource exhaustion when processing getaddrinfo
+  calls with crafted host names.  Reported by Guido Vranken.
 
 The following bugs are resolved with this release:
 
diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c
index e3d0898..782fc5e 100644
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
   return 0;
 #else
   struct ifreq ifr;
-  int fd = __opensock ();
-
-  if (fd < 0)
-    return 0;
-
   if (strlen (ifname) >= IFNAMSIZ)
     {
       __set_errno (ENODEV);
@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
     }
 
   strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+
+  int fd = __opensock ();
+
+  if (fd < 0)
+    return 0;
+
   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
     {
       int saved_errno = errno;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                          |    7 +++++++
 NEWS                               |    4 +++-
 sysdeps/unix/sysv/linux/if_index.c |   11 ++++++-----
 3 files changed, 16 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]