cve-2015-0235-etch.diff

1. diff --git a/nss/Makefile b/nss/Makefile
2. index 449a258..553eafa 100644
3. --- a/nss/Makefile
4. +++ b/nss/Makefile
5. @@ -39,7 +39,7 @@
6.  others                  := getent
7.  install-bin             := getent
8.  
9. -tests                  = test-netdb
10. +tests                  = test-netdb test-digits-dots
11.  xtests                 = bug-erange
12.  
13.  include ../Makeconfig
14. diff --git a/nss/digits_dots.c b/nss/digits_dots.c
15. index 2b86295..e007ef4 100644
16. --- a/nss/digits_dots.c
17. +++ b/nss/digits_dots.c
18. @@ -47,7 +47,10 @@
19.      {
20.        if (h_errnop)
21.         *h_errnop = NETDB_INTERNAL;
22. -      *result = NULL;
23. +      if (buffer_size == NULL)
24. +       *status = NSS_STATUS_TRYAGAIN;
25. +            else
26. +       *result = NULL;
27.        return -1;
28.      }
29.  
30. @@ -84,14 +87,16 @@
31.         }
32.  
33.        size_needed = (sizeof (*host_addr)
34. -                    + sizeof (*h_addr_ptrs) + strlen (name) + 1);
35. +                    + sizeof (*h_addr_ptrs)
36. +                    + sizeof (*h_alias_ptr) + strlen (name) + 1);
37.  
38.        if (buffer_size == NULL)
39.          {
40.           if (buflen < size_needed)
41.             {
42. +             *status = NSS_STATUS_TRYAGAIN;
43.               if (h_errnop != NULL)
44. -               *h_errnop = TRY_AGAIN;
45. +               *h_errnop = NETDB_INTERNAL;
46.               __set_errno (ERANGE);
47.               goto done;
48.             }
49. @@ -110,7 +115,7 @@
50.               *buffer_size = 0;
51.               __set_errno (save);
52.               if (h_errnop != NULL)
53. -               *h_errnop = TRY_AGAIN;
54. +               *h_errnop = NETDB_INTERNAL;
55.               *result = NULL;
56.               goto done;
57.             }
58. @@ -150,7 +155,9 @@
59.                   if (! ok)
60.                     {
61.                       *h_errnop = HOST_NOT_FOUND;
62. -                     if (buffer_size)
63. +                     if (buffer_size == NULL)
64. +                       *status = NSS_STATUS_NOTFOUND;
65. +                     else
66.                         *result = NULL;
67.                       goto done;
68.                     }
69. @@ -202,15 +209,6 @@
70.  
71.        if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
72.         {
73. -         const char *cp;
74. -         char *hostname;
75. -         typedef unsigned char host_addr_t[16];
76. -         host_addr_t *host_addr;
77. -         typedef char *host_addr_list_t[2];
78. -         host_addr_list_t *h_addr_ptrs;
79. -         size_t size_needed;
80. -         int addr_size;
81. -
82.           switch (af)
83.             {
84.             default:
85. @@ -226,7 +224,10 @@
86.               /* This is not possible.  We cannot represent an IPv6 address
87.                  in an `struct in_addr' variable.  */
88.               *h_errnop = HOST_NOT_FOUND;
89. -             *result = NULL;
90. +             if (buffer_size == NULL)
91. +               *status = NSS_STATUS_NOTFOUND;
92. +             else
93. +               *result = NULL;
94.               goto done;
95.  
96.             case AF_INET6:
97. @@ -234,42 +235,6 @@
98.               break;
99.             }
100.  
101. -         size_needed = (sizeof (*host_addr)
102. -                        + sizeof (*h_addr_ptrs) + strlen (name) + 1);
103. -
104. -         if (buffer_size == NULL && buflen < size_needed)
105. -           {
106. -             if (h_errnop != NULL)
107. -               *h_errnop = TRY_AGAIN;
108. -             __set_errno (ERANGE);
109. -             goto done;
110. -           }
111. -         else if (buffer_size != NULL && *buffer_size < size_needed)
112. -           {
113. -             char *new_buf;
114. -             *buffer_size = size_needed;
115. -             new_buf = realloc (*buffer, *buffer_size);
116. -
117. -             if (new_buf == NULL)
118. -               {
119. -                 save = errno;
120. -                 free (*buffer);
121. -                 __set_errno (save);
122. -                 *buffer = NULL;
123. -                 *buffer_size = 0;
124. -                 *result = NULL;
125. -                 goto done;
126. -               }
127. -             *buffer = new_buf;
128. -           }
129. -
130. -         memset (*buffer, '\0', size_needed);
131. -
132. -         host_addr = (host_addr_t *) *buffer;
133. -         h_addr_ptrs = (host_addr_list_t *)
134. -           ((char *) host_addr + sizeof (*host_addr));
135. -         hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
136. -
137.           for (cp = name;; ++cp)
138.             {
139.               if (!*cp)
140. @@ -282,7 +247,9 @@
141.                   if (inet_pton (AF_INET6, name, host_addr) <= 0)
142.                     {
143.                       *h_errnop = HOST_NOT_FOUND;
144. -                     if (buffer_size)
145. +                     if (buffer_size == NULL)
146. +                       *status = NSS_STATUS_NOTFOUND;
147. +                     else
148.                         *result = NULL;
149.                       goto done;
150.                     }
151. diff --git a/nss/getXXbyYY_r.c b/nss/getXXbyYY_r.c
152. index 1067744..44d00f4 100644
153. --- a/nss/getXXbyYY_r.c
154. +++ b/nss/getXXbyYY_r.c
155. @@ -149,6 +149,9 @@
156.      case -1:
157.        return errno;
158.      case 1:
159. +#ifdef NEED_H_ERRNO
160. +      any_service = true;
161. +#endif
162.        goto done;
163.      }
164.  #endif
165. diff --git a/nss/test-digits-dots.c b/nss/test-digits-dots.c
166. new file mode 100644
167. index 0000000..1efa344
168. --- /dev/null
169. +++ b/nss/test-digits-dots.c
170. @@ -0,0 +1,38 @@
171. +/* Copyright (C) 2013 Free Software Foundation, Inc.
172. +   This file is part of the GNU C Library.
173. +
174. +   The GNU C Library is free software; you can redistribute it and/or
175. +   modify it under the terms of the GNU Lesser General Public
176. +   License as published by the Free Software Foundation; either
177. +   version 2.1 of the License, or (at your option) any later version.
178. +
179. +   The GNU C Library is distributed in the hope that it will be useful,
180. +   but WITHOUT ANY WARRANTY; without even the implied warranty of
181. +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
182. +   Lesser General Public License for more details.
183. +
184. +   You should have received a copy of the GNU Lesser General Public
185. +   License along with the GNU C Library; if not, see
186. +   <http://www.gnu.org/licenses/>.  */
187. +
188. +/* Testcase for BZ #15014 */
189. +
190. +#include <stdlib.h>
191. +#include <netdb.h>
192. +#include <errno.h>
193. +
194. +static int
195. +do_test (void)
196. +{
197. +  char buf[32];
198. +  struct hostent *result = NULL;
199. +  struct hostent ret;
200. +  int h_err = 0;
201. +  int err;
202. +
203. +  err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
204. +  return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE;
205. +}
206. +
207. +#define TEST_FUNCTION do_test ()
208. +#include "../test-skeleton.c"
209. --
210. 1.7.1