vapier      16/03/30 22:01:25

  Modified:             README.history
  Added:               
                        
00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch
                        
00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch
                        
00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch
                        
00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch
                        
00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch
                        
00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch
  Log:
  more upstream fixes

Revision  Changes    Path
1.4                  src/patchsets/glibc/2.23/README.history

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/README.history?rev=1.4&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/README.history?rev=1.4&content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/README.history?r1=1.3&r2=1.4

Index: README.history
===================================================================
RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.23/README.history,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- README.history      8 Mar 2016 21:50:44 -0000       1.3
+++ README.history      30 Mar 2016 22:01:25 -0000      1.4
@@ -1,5 +1,11 @@
-3              [pending]
+3              30 Mar 2016
        + 00_all_0013-Add-sys-auxv.h-wrapper-to-include-sys.patch
+       + 00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch
+       + 00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch
+       + 00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch
+       + 00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch
+       + 00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch
+       + 00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch
 
 2              07 Mar 2016
        + 00_all_0010-x86_64-Set-DL_RUNTIME_UNALIGNED_VEC_SIZE-to-8.patch



1.1                  
src/patchsets/glibc/2.23/00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch?rev=1.1&content-type=text/plain

Index: 00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch
===================================================================
>From 8649aef19cb2edcc5bfa86e5e8b89f2c80401b0f Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <[email protected]>
Date: Wed, 9 Mar 2016 00:25:00 +0100
Subject: [PATCH] mips: terminate the FDE before the return trampoline in
 makecontext

In makecontext the FDE needs to be terminated before the return
trampoline otherwise backtrace called within a context created by
makecontext yields infinite backtrace.

This bug has been present for a long time, stdlib/tst-makecontext did
not fail until recent commit e535ce25. Tested on mips-linux-gnu and
mips64el-linux-gnuabi64 and mips-linux-gnu, no regression.

This fixes stdlib/tst-makecontext on MIPS.

Changelog:
        [BZ #19792]
        * sysdeps/unix/sysv/linux/mips/makecontext.S (__makecontext):
        Terminate FDE before return label.

(cherry picked from commit f8e9c4d30c28b8815e65a391416e8b15d2e7cbb8)
(cherry picked from commit 63ed4db4b45cab21cf6f68aac7b9fce2f770fe74)
---
 sysdeps/unix/sysv/linux/mips/makecontext.S | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sysdeps/unix/sysv/linux/mips/makecontext.S 
b/sysdeps/unix/sysv/linux/mips/makecontext.S
index 66600c7..3196554 100644
--- a/sysdeps/unix/sysv/linux/mips/makecontext.S
+++ b/sysdeps/unix/sysv/linux/mips/makecontext.S
@@ -153,6 +153,11 @@ NESTED (__makecontext, FRAMESZ, ra)
 #endif
        jr      ra
 
+       /* We need to terminate the FDE to stop unwinding if backtrace was
+          called within a context created by makecontext.  */
+       cfi_endproc
+       nop
+
 99:
 #ifdef __PIC__
        move    gp, s1
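Review bot: The `nop` added right after `cfi_endproc` is unexplained; the new comment above it only justifies terminating the FDE. It presumably exists so that the trampoline at label `99` does not start at the very address where the FDE ends, keeping an unwinder's return-address-minus-one lookup outside the closed FDE — confirm against the unwinder's lookup rule before documenting it. Suggest extending the comment with `The nop keeps 99: from sharing the FDE's end address, so a PC-1 lookup from the trampoline's return address cannot land back inside it.` The body of `__makecontext` continues on both sides of this hunk.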
@@ -186,6 +191,8 @@ NESTED (__makecontext, FRAMESZ, ra)
 1:
        lb      zero, (zero)
        b       1b
+
+       cfi_startproc
 PSEUDO_END (__makecontext)
 
 weak_alias (__makecontext, makecontext)
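Review bot: The `cfi_startproc` placed directly before `PSEUDO_END` carries no comment, and a reader will wonder why an FDE is opened with no instructions under it. It is presumably there to balance the `cfi_endproc` that `PSEUDO_END` expands to, so the assembler does not see an unmatched directive — confirm against the MIPS sysdep.h, which is not on this page. Suggest `/* Re-open an (empty) FDE so the cfi_endproc emitted by PSEUDO_END stays balanced.  */` above the directive.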
-- 
2.7.4




1.1                  
src/patchsets/glibc/2.23/00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch?rev=1.1&content-type=text/plain

Index: 00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch
===================================================================
>From e62ac4543797b29a8851a43ec03e3718200dd612 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <[email protected]>
Date: Sun, 6 Mar 2016 08:23:24 -0800
Subject: [PATCH] Use HAS_ARCH_FEATURE with Fast_Rep_String

HAS_ARCH_FEATURE, not HAS_CPU_FEATURE, should be used with
Fast_Rep_String.

        [BZ #19762]
        * sysdeps/i386/i686/multiarch/bcopy.S (bcopy): Use
        HAS_ARCH_FEATURE with Fast_Rep_String.
        * sysdeps/i386/i686/multiarch/bzero.S (__bzero): Likewise.
        * sysdeps/i386/i686/multiarch/memcpy.S (memcpy): Likewise.
        * sysdeps/i386/i686/multiarch/memcpy_chk.S (__memcpy_chk):
        Likewise.
        * sysdeps/i386/i686/multiarch/memmove_chk.S (__memmove_chk):
        Likewise.
        * sysdeps/i386/i686/multiarch/mempcpy.S (__mempcpy): Likewise.
        * sysdeps/i386/i686/multiarch/mempcpy_chk.S (__mempcpy_chk):
        Likewise.
        * sysdeps/i386/i686/multiarch/memset.S (memset): Likewise.
        * sysdeps/i386/i686/multiarch/memset_chk.S (__memset_chk):
        Likewise.

(cherry picked from commit 4e940b2f4b577f3a530e0580373f7c2d569f4d63)
(cherry picked from commit 0594fd054623b0ac4c481582ab3664a74aadbf69)
---
 sysdeps/i386/i686/multiarch/bcopy.S       | 2 +-
 sysdeps/i386/i686/multiarch/bzero.S       | 2 +-
 sysdeps/i386/i686/multiarch/memcpy.S      | 2 +-
 sysdeps/i386/i686/multiarch/memcpy_chk.S  | 2 +-
 sysdeps/i386/i686/multiarch/memmove_chk.S | 2 +-
 sysdeps/i386/i686/multiarch/mempcpy.S     | 2 +-
 sysdeps/i386/i686/multiarch/mempcpy_chk.S | 2 +-
 sysdeps/i386/i686/multiarch/memset.S      | 2 +-
 sysdeps/i386/i686/multiarch/memset_chk.S  | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/sysdeps/i386/i686/multiarch/bcopy.S 
b/sysdeps/i386/i686/multiarch/bcopy.S
index d5b408d..ce6661b 100644
--- a/sysdeps/i386/i686/multiarch/bcopy.S
+++ b/sysdeps/i386/i686/multiarch/bcopy.S
@@ -36,7 +36,7 @@ ENTRY(bcopy)
        HAS_CPU_FEATURE (SSSE3)
        jz      2f
        LOAD_FUNC_GOT_EAX (__bcopy_ssse3)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__bcopy_ssse3_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/bzero.S 
b/sysdeps/i386/i686/multiarch/bzero.S
index 3bad417..738ca69 100644
--- a/sysdeps/i386/i686/multiarch/bzero.S
+++ b/sysdeps/i386/i686/multiarch/bzero.S
@@ -31,7 +31,7 @@ ENTRY(__bzero)
        HAS_CPU_FEATURE (SSE2)
        jz      2f
        LOAD_FUNC_GOT_EAX ( __bzero_sse2)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__bzero_sse2_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/memcpy.S 
b/sysdeps/i386/i686/multiarch/memcpy.S
index 27913ea..652b5a2 100644
--- a/sysdeps/i386/i686/multiarch/memcpy.S
+++ b/sysdeps/i386/i686/multiarch/memcpy.S
@@ -38,7 +38,7 @@ ENTRY(memcpy)
        HAS_CPU_FEATURE (SSSE3)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memcpy_ssse3)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memcpy_ssse3_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.S 
b/sysdeps/i386/i686/multiarch/memcpy_chk.S
index 39bc3c2..0eee32c 100644
--- a/sysdeps/i386/i686/multiarch/memcpy_chk.S
+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.S
@@ -39,7 +39,7 @@ ENTRY(__memcpy_chk)
        HAS_CPU_FEATURE (SSSE3)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memcpy_chk_ssse3)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memcpy_chk_ssse3_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.S 
b/sysdeps/i386/i686/multiarch/memmove_chk.S
index c27892d..a29bbc9 100644
--- a/sysdeps/i386/i686/multiarch/memmove_chk.S
+++ b/sysdeps/i386/i686/multiarch/memmove_chk.S
@@ -36,7 +36,7 @@ ENTRY(__memmove_chk)
        HAS_CPU_FEATURE (SSSE3)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memmove_chk_ssse3)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memmove_chk_ssse3_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/mempcpy.S 
b/sysdeps/i386/i686/multiarch/mempcpy.S
index 141ff2e..b46f3fc 100644
--- a/sysdeps/i386/i686/multiarch/mempcpy.S
+++ b/sysdeps/i386/i686/multiarch/mempcpy.S
@@ -38,7 +38,7 @@ ENTRY(__mempcpy)
        HAS_CPU_FEATURE (SSSE3)
        jz      2f
        LOAD_FUNC_GOT_EAX (__mempcpy_ssse3)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__mempcpy_ssse3_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S 
b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
index 2788b66..30f3629 100644
--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
@@ -39,7 +39,7 @@ ENTRY(__mempcpy_chk)
        HAS_CPU_FEATURE (SSSE3)
        jz      2f
        LOAD_FUNC_GOT_EAX (__mempcpy_chk_ssse3)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__mempcpy_chk_ssse3_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/memset.S 
b/sysdeps/i386/i686/multiarch/memset.S
index 268df0c..14180e4 100644
--- a/sysdeps/i386/i686/multiarch/memset.S
+++ b/sysdeps/i386/i686/multiarch/memset.S
@@ -31,7 +31,7 @@ ENTRY(memset)
        HAS_CPU_FEATURE (SSE2)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memset_sse2)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memset_sse2_rep)
 2:     ret
diff --git a/sysdeps/i386/i686/multiarch/memset_chk.S 
b/sysdeps/i386/i686/multiarch/memset_chk.S
index d18b53f..d73f202 100644
--- a/sysdeps/i386/i686/multiarch/memset_chk.S
+++ b/sysdeps/i386/i686/multiarch/memset_chk.S
@@ -31,7 +31,7 @@ ENTRY(__memset_chk)
        HAS_CPU_FEATURE (SSE2)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memset_chk_sse2)
-       HAS_CPU_FEATURE (Fast_Rep_String)
+       HAS_ARCH_FEATURE (Fast_Rep_String)
        jz      2f
        LOAD_FUNC_GOT_EAX (__memset_chk_sse2_rep)
 2:     ret
-- 
2.7.4




1.1                  
src/patchsets/glibc/2.23/00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch?rev=1.1&content-type=text/plain

Index: 00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch
===================================================================
>From 4b06de856395d37848fc97bbc032c8c3dce5eb52 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <[email protected]>
Date: Tue, 8 Mar 2016 10:57:31 -0800
Subject: [PATCH] Define _HAVE_STRING_ARCH_mempcpy to 1 for x86

Since x86 has an optimized mempcpy and GCC can inline mempcpy on x86,
define _HAVE_STRING_ARCH_mempcpy to 1 for x86.

        [BZ #19759]
        * sysdeps/x86/bits/string.h (_HAVE_STRING_ARCH_mempcpy): New.

(cherry picked from commit 2b35e48c0c547b3f6f81996ce7ad7d67e24c7329)
(cherry picked from commit b4456470a64a1e4e466a98dca3b51bf63fb5a13c)
---
 sysdeps/x86/bits/string.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sysdeps/x86/bits/string.h b/sysdeps/x86/bits/string.h
index e4e019f..8dfce05 100644
--- a/sysdeps/x86/bits/string.h
+++ b/sysdeps/x86/bits/string.h
@@ -23,6 +23,9 @@
 /* Use the unaligned string inline ABI.  */
 #define _STRING_INLINE_unaligned 1
 
+/* Don't inline mempcpy into memcpy as x86 has an optimized mempcpy.  */
+#define _HAVE_STRING_ARCH_mempcpy 1
+
 /* Enable inline functions only for i486 or better when compiling for
    ia32.  */
 #if !defined __x86_64__ && (defined __i486__ || defined __pentium__          \
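Review bot: The new comment `Don't inline mempcpy into memcpy as x86 has an optimized mempcpy` reads backwards next to the commit message, which says GCC can inline mempcpy itself. If, as seems likely, the generic string.h otherwise rewrites mempcpy as memcpy plus n unless this macro is defined, the comment should say that directly: `/* x86 has an optimized mempcpy that GCC can inline, so keep the generic string.h from rewriting mempcpy as memcpy + n.  */`. Confirm against string/string.h, which is not visible here.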
-- 
2.7.4




1.1                  
src/patchsets/glibc/2.23/00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch?rev=1.1&content-type=text/plain

Index: 00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch
===================================================================
>From 939f86004862d36b3bba15167b02047135e22e46 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <[email protected]>
Date: Thu, 3 Mar 2016 14:51:40 -0800
Subject: [PATCH] Or bit_Prefer_MAP_32BIT_EXEC in EXTRA_LD_ENVVARS

We should turn on bit_Prefer_MAP_32BIT_EXEC in EXTRA_LD_ENVVARS without
overriding other bits.

        [BZ #19758]
        * sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
        (EXTRA_LD_ENVVARS): Or bit_Prefer_MAP_32BIT_EXEC.

(cherry picked from commit 33ab2ad58eba55de05a05f4adb795e1c172024bb)
---
 sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h 
b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
index c9db5ea..a759934 100644
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
@@ -33,7 +33,7 @@
   case 21:                                                           \
     if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)          \
       GLRO(dl_x86_cpu_features).feature[index_Prefer_MAP_32BIT_EXEC]  \
-       = bit_Prefer_MAP_32BIT_EXEC;                                  \
+       |= bit_Prefer_MAP_32BIT_EXEC;                                 \
     break;
 
 /* Extra unsecure variables.  The names are all stuffed in a single
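Review bot: The `|=` is the right fix, but the line deserves a comment on what the knob does to the process: honouring `PREFER_MAP_32BIT_EXEC` presumably makes the loader prefer MAP_32BIT mappings for executable segments, which shrinks the address range available to ASLR. This `case 21:` body belongs to the `EXTRA_LD_ENVVARS` macro, whose definition starts before the hunk, and the "Extra unsecure variables" comment at the hunk's end suggests the variable is meant to be filtered for AT_SECURE processes — confirm, since that list is not on this page. Suggest above the `memcmp`: `/* Lowers ASLR entropy for the process; must stay in the unsecure list so it is ignored when AT_SECURE is set.  */`.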
-- 
2.7.4




1.1                  
src/patchsets/glibc/2.23/00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch?rev=1.1&content-type=text/plain

Index: 00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch
===================================================================
>From 2e39530c16a949a76d0a273a43d44682d9dbe109 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <[email protected]>
Date: Wed, 18 Nov 2015 15:45:59 +0100
Subject: [PATCH] Fix resource leak in resolver (bug 19257)

The number of currently defined nameservers is stored in ->nscount,
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local
initializations.

(cherry picked from commit 5e7fdabd7df1fc6c56d104e61390bf5a6b526c38)
(cherry picked from commit 317da342ba4417c30d985f5593d78bb1364a62c3)
---
 resolv/res_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resolv/res_init.c b/resolv/res_init.c
index e0b6a80..6c951f5 100644
--- a/resolv/res_init.c
+++ b/resolv/res_init.c
@@ -594,7 +594,7 @@ __res_iclose(res_state statp, bool free_addr) {
                statp->_vcsock = -1;
                statp->_flags &= ~(RES_F_VC | RES_F_CONN);
        }
-       for (ns = 0; ns < statp->_u._ext.nscount; ns++)
+       for (ns = 0; ns < statp->nscount; ns++)
                if (statp->_u._ext.nsaddrs[ns]) {
                        if (statp->_u._ext.nssocks[ns] != -1) {
                                
close_not_cancel_no_status(statp->_u._ext.nssocks[ns]);
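Review bot: The loop bound now reads `statp->nscount` while every array it indexes lives under `statp->_u._ext`, and nothing at the site explains why the two counters differ, so the next maintainer may "fix" it back and reintroduce the leak. Suggest a comment above the `for`: `/* Iterate over nscount, the number of configured name servers; _u._ext.nscount is only set by __libc_res_nsend after its own initialisation and can still be zero here, which left the sockets below unclosed (bug 19257).  */`. `__res_iclose` starts before the hunk.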
-- 
2.7.4




1.1                  
src/patchsets/glibc/2.23/00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch?rev=1.1&content-type=text/plain

Index: 00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch
===================================================================
>From c51410d427a863b076443efe7c18b1aef07d3a7b Mon Sep 17 00:00:00 2001
From: Florian Weimer <[email protected]>
Date: Fri, 25 Mar 2016 11:49:51 +0100
Subject: [PATCH] resolv: Always set *resplen2 out parameter in send_dg [BZ
 #19791]

Since commit 44d20bca52ace85850012b0ead37b360e3ecd96e (Implement
second fallback mode for DNS requests), there is a code path which
returns early, before *resplen2 is initialized.  This happens if the
name server address is immediately recognized as invalid (because of
lack of protocol support, or if it is a broadcast address such as
255.255.255.255, or another invalid address).

If this happens and *resplen2 was non-zero (which is the case if a
previous query resulted in a failure), __libc_res_nquery would reuse
an existing second answer buffer.  This answer has been previously
identified as unusable (for example, it could be an NXDOMAIN
response).  Due to the presence of a second answer, no name server
switching will occur.  The result is a name resolution failure,
although a successful resolution would have been possible if name
servers have been switched and queries had proceeded along the search
path.

The above paragraph still simplifies the situation.  Before glibc
2.23, if the second answer needed malloc, the stub resolver would
still attempt to reuse the second answer, but this is not possible
because __libc_res_nsearch has freed it, after the unsuccessful call
to __libc_res_nquerydomain, and set the buffer pointer to NULL.  This
eventually leads to an assertion failure in __libc_res_nquery:

        /* Make sure both hp and hp2 are defined */
        assert((hp != NULL) && (hp2 != NULL));

If assertions are disabled, the consequence is a NULL pointer
dereference on the next line.

Starting with glibc 2.23, as a result of commit
e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca (CVE-2015-7547: getaddrinfo()
stack-based buffer overflow (Bug 18665)), the second answer is always
allocated with malloc.  This means that the assertion failure happens
with small responses as well because there is no buffer to reuse, as
soon as there is a name resolution failure which triggers a search for
an answer along the search path.

This commit addresses the issue by ensuring that *resplen2 is
initialized before the send_dg function returns.

This commit also addresses a bug where an invalid second reply is
incorrectly returned as a valid to the caller.

(cherry picked from commit b66d837bb5398795c6b0f651bd5a5d66091d8577)
(cherry picked from commit 3a188eb4e641d2df0cfd352fd09232347f28fbe1)
---
 resolv/res_send.c | 63 +++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 40 insertions(+), 23 deletions(-)

diff --git a/resolv/res_send.c b/resolv/res_send.c
index 25c19f1..b4efcb6 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -649,6 +649,18 @@ get_nsaddr (res_state statp, int n)
     return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
 }
 
+/* Close the resolver structure, assign zero to *RESPLEN2 if RESPLEN2
+   is not NULL, and return zero.  */
+static int
+__attribute__ ((warn_unused_result))
+close_and_return_error (res_state statp, int *resplen2)
+{
+  __res_iclose(statp, false);
+  if (resplen2 != NULL)
+    *resplen2 = 0;
+  return 0;
+}
+
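Review bot: The comment on `close_and_return_error` says "Close the resolver structure", but the call passes `false` as the second argument of `__res_iclose`, whose prototype in res_init.c (shown in the preceding patch) names it `free_addr`; the helper therefore closes the sockets while keeping the configured nameserver addresses, and the comment should say which. Suggest `/* Close the resolver's sockets (keeping the configured addresses), assign zero to *RESPLEN2 if RESPLEN2 is not NULL, and return zero.  */`. What the zero return means to `send_dg`'s callers is not documented either; it appears to signal "no usable answer from this server" rather than a hard error — confirm and state it, since `warn_unused_result` makes callers depend on that meaning.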
 /* The send_vc function is responsible for sending a DNS query over TCP
    to the nameserver numbered NS from the res_state STATP i.e.
    EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
@@ -1114,7 +1126,11 @@ send_dg(res_state statp,
  retry_reopen:
        retval = reopen (statp, terrno, ns);
        if (retval <= 0)
-               return retval;
+         {
+           if (resplen2 != NULL)
+             *resplen2 = 0;
+           return retval;
+         }
  retry:
        evNowTime(&now);
        evConsTime(&timeout, seconds, 0);
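Review bot: The three-line `if (resplen2 != NULL) *resplen2 = 0; return retval;` pattern introduced in this hunk is repeated verbatim in the hunks at `@@ -1185`, `@@ -1486` and `@@ -1501`, and `close_and_return_error` carries a fourth copy; a small helper would keep the invariant that every exit of `send_dg` initialises `*resplen2` in one place and make a missed exit path easy to spot. `send_dg` starts before this hunk.
```c
/* Every exit from send_dg must leave *RESPLEN2 initialised, or the
   caller may reuse a stale second answer buffer (bug 19791).  */
static void
clear_resplen2 (int *resplen2)
{
  if (resplen2 != NULL)
    *resplen2 = 0;
}

/* … unchanged: close_and_return_error, which can call clear_resplen2 too … */

	retval = reopen (statp, terrno, ns);
	if (retval <= 0)
	  {
	    clear_resplen2 (resplen2);
	    return retval;
	  }
```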
@@ -1127,8 +1143,6 @@ send_dg(res_state statp,
        int recvresp2 = buf2 == NULL;
        pfd[0].fd = EXT(statp).nssocks[ns];
        pfd[0].events = POLLOUT;
-       if (resplen2 != NULL)
-         *resplen2 = 0;
  wait:
        if (need_recompute) {
        recompute_resend:
@@ -1136,9 +1150,7 @@ send_dg(res_state statp,
                if (evCmpTime(finish, now) <= 0) {
                poll_err_out:
                        Perror(statp, stderr, "poll", errno);
-               err_out:
-                       __res_iclose(statp, false);
-                       return (0);
+                       return close_and_return_error (statp, resplen2);
                }
                evSubTime(&timeout, &finish, &now);
                need_recompute = 0;
@@ -1185,7 +1197,9 @@ send_dg(res_state statp,
                  }
 
                *gotsomewhere = 1;
-               return (0);
+               if (resplen2 != NULL)
+                 *resplen2 = 0;
+               return 0;
        }
        if (n < 0) {
                if (errno == EINTR)
@@ -1253,7 +1267,7 @@ send_dg(res_state statp,
 
                      fail_sendmmsg:
                        Perror(statp, stderr, "sendmmsg", errno);
-                       goto err_out;
+                       return close_and_return_error (statp, resplen2);
                      }
                  }
                else
@@ -1271,7 +1285,7 @@ send_dg(res_state statp,
                      if (errno == EINTR || errno == EAGAIN)
                        goto recompute_resend;
                      Perror(statp, stderr, "send", errno);
-                     goto err_out;
+                     return close_and_return_error (statp, resplen2);
                    }
                  just_one:
                    if (nwritten != 0 || buf2 == NULL || single_request)
@@ -1349,7 +1363,7 @@ send_dg(res_state statp,
                                goto wait;
                        }
                        Perror(statp, stderr, "recvfrom", errno);
-                       goto err_out;
+                       return close_and_return_error (statp, resplen2);
                }
                *gotsomewhere = 1;
                if (__glibc_unlikely (*thisresplenp < HFIXEDSZ))       {
@@ -1360,7 +1374,7 @@ send_dg(res_state statp,
                               (stdout, ";; undersized: %d\n",
                                *thisresplenp));
                        *terrno = EMSGSIZE;
-                       goto err_out;
+                       return close_and_return_error (statp, resplen2);
                }
                if ((recvresp1 || hp->id != anhp->id)
                    && (recvresp2 || hp2->id != anhp->id)) {
@@ -1409,7 +1423,7 @@ send_dg(res_state statp,
                                ? *thisanssizp : *thisresplenp);
                        /* record the error */
                        statp->_flags |= RES_F_EDNS0ERR;
-                       goto err_out;
+                       return close_and_return_error (statp, resplen2);
        }
 #endif
                if (!(statp->options & RES_INSECURE2)
@@ -1461,10 +1475,10 @@ send_dg(res_state statp,
                            goto wait;
                          }
 
-                       __res_iclose(statp, false);
                        /* don't retry if called from dig */
                        if (!statp->pfcode)
-                               return (0);
+                         return close_and_return_error (statp, resplen2);
+                       __res_iclose(statp, false);
                }
                if (anhp->rcode == NOERROR && anhp->ancount == 0
                    && anhp->aa == 0 && anhp->ra == 0 && anhp->arcount == 0) {
@@ -1486,6 +1500,8 @@ send_dg(res_state statp,
                        __res_iclose(statp, false);
                        // XXX if we have received one reply we could
                        // XXX use it and not repeat it over TCP...
+                       if (resplen2 != NULL)
+                         *resplen2 = 0;
                        return (1);
                }
                /* Mark which reply we received.  */
@@ -1501,21 +1517,22 @@ send_dg(res_state statp,
                                        __res_iclose (statp, false);
                                        retval = reopen (statp, terrno, ns);
                                        if (retval <= 0)
-                                               return retval;
+                                         {
+                                           if (resplen2 != NULL)
+                                             *resplen2 = 0;
+                                           return retval;
+                                         }
                                        pfd[0].fd = EXT(statp).nssocks[ns];
                                }
                        }
                        goto wait;
                }
-               /*
-                * All is well, or the error is fatal.  Signal that the
-                * next nameserver ought not be tried.
-                */
+               /* All is well.  We have received both responses (if
+                  two responses were requested).  */
                return (resplen);
-       } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL)) {
-               /* Something went wrong.  We can stop trying.  */
-               goto err_out;
-       }
+       } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL))
+         /* Something went wrong.  We can stop trying.  */
+         return close_and_return_error (statp, resplen2);
        else {
                /* poll should not have returned > 0 in this case.  */
                abort ();
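Review bot: The rewritten `else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL))` drops the braces the original arm had, leaving a comment plus a single statement as the body while the sibling `else` keeps its block; elsewhere in this same hunk the new `if (retval <= 0)` arm braces a short body, so the file's convention favours the block. Suggest keeping it: `} else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL)) {` / `return close_and_return_error (statp, resplen2);` / `}`.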
-- 
2.7.4




