Actually, glibc-2.22 is not affected by this CVE.
The vulnerability was introduced in commit
2180fee114b778515b3f560e5ff1e795282e60b0 ("Check length of ifname before
copying it into to ifreq structure."), fixing bug 22442 for glibc 2.27.
Since this addressed a compiler warning with GCC 8, this commit was
backported to quite a few release branches.
Our version was affected only by bug 22442.
So apply both commits to be free of both the bug and the CVE.
Change-Id: Ia11f2316f2c76d1320d6b58fe3d5a85982db44f3
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6702
Tested-by: michellew <michellew@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,33 @@ |
| 0 |
+From 2180fee114b778515b3f560e5ff1e795282e60b0 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Steve Ellcey <sellcey@caviumnetworks.com> |
|
| 2 |
+Date: Wed, 15 Nov 2017 08:58:48 -0800 |
|
| 3 |
+Subject: [PATCH] Check length of ifname before copying it into to ifreq |
|
| 4 |
+ structure. |
|
| 5 |
+ |
|
| 6 |
+ [BZ #22442] |
|
| 7 |
+ * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): |
|
| 8 |
+ Check if ifname is too long. |
|
| 9 |
+--- |
|
| 10 |
+ sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ |
|
| 11 |
+ 1 file changed, 6 insertions(+) |
|
| 12 |
+ |
|
| 13 |
+diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c |
|
| 14 |
+index 56f3f13..e7ca27b 100644 |
|
| 15 |
+--- a/sysdeps/unix/sysv/linux/if_index.c |
|
| 16 |
+@@ -43,6 +43,12 @@ __if_nametoindex (const char *ifname) |
|
| 17 |
+ if (fd < 0) |
|
| 18 |
+ return 0; |
|
| 19 |
+ |
|
| 20 |
++ if (strlen (ifname) >= IFNAMSIZ) |
|
| 21 |
++ {
|
|
| 22 |
++ __set_errno (ENODEV); |
|
| 23 |
++ return 0; |
|
| 24 |
++ } |
|
| 25 |
++ |
|
| 26 |
+ strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); |
|
| 27 |
+ if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) |
|
| 28 |
+ {
|
|
| 29 |
+-- |
|
| 30 |
+2.9.3 |
|
| 31 |
+ |
| 0 | 32 |
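Review bot: The early `return 0;` in the added `if (strlen (ifname) >= IFNAMSIZ)` block sits after the `if (fd < 0)` context, so the socket opened just above the hunk is never closed on that path and one descriptor leaks per over-long name. This commit closes the leak only through the second patch file, which moves the `__opensock ()` call below the check, yet nothing in this patch file says so. I would add a line to its header above the `---`, for example `Note: leaks the socket on the ENODEV path (CVE-2018-19591); apply only together with glibc-fix-CVE-2018-19591.patch.`, so the patch is not carried to another branch on its own. The body of `__if_nametoindex` starts and ends outside the hunk.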
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,38 @@ |
| 0 |
+From: Florian Weimer <fweimer@redhat.com> |
|
| 1 |
+Date: Tue, 27 Nov 2018 15:12:43 +0000 (+0100) |
|
| 2 |
+Subject: CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] |
|
| 3 |
+X-Git-Tag: glibc-2.29~272 |
|
| 4 |
+X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=d527c860f5a3f0ed687bd03f0cb464612dc23408 |
|
| 5 |
+ |
|
| 6 |
+CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] |
|
| 7 |
+--- |
|
| 8 |
+ |
|
| 9 |
+diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c |
|
| 10 |
+index e3d0898..782fc5e 100644 |
|
| 11 |
+--- a/sysdeps/unix/sysv/linux/if_index.c |
|
| 12 |
+@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname) |
|
| 13 |
+ return 0; |
|
| 14 |
+ #else |
|
| 15 |
+ struct ifreq ifr; |
|
| 16 |
+- int fd = __opensock (); |
|
| 17 |
+- |
|
| 18 |
+- if (fd < 0) |
|
| 19 |
+- return 0; |
|
| 20 |
+- |
|
| 21 |
+ if (strlen (ifname) >= IFNAMSIZ) |
|
| 22 |
+ {
|
|
| 23 |
+ __set_errno (ENODEV); |
|
| 24 |
+@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname) |
|
| 25 |
+ } |
|
| 26 |
+ |
|
| 27 |
+ strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); |
|
| 28 |
++ |
|
| 29 |
++ int fd = __opensock (); |
|
| 30 |
++ |
|
| 31 |
++ if (fd < 0) |
|
| 32 |
++ return 0; |
|
| 33 |
++ |
|
| 34 |
+ if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) |
|
| 35 |
+ {
|
|
| 36 |
+ int saved_errno = errno; |
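Review bot: Nothing in this backport exercises the over-long-name path: the patch body touches only `sysdeps/unix/sysv/linux/if_index.c`, and if the upstream commit named in `X-Git-Url` carries a regression test, it has been dropped here (worth confirming against upstream). A small check in the package's test phase that calls `if_nametoindex` in a loop with a name of `IFNAMSIZ` or more characters, and then verifies that the process's count of open descriptors has not grown, would keep the fix from regressing silently on a later rebase. `__if_nametoindex` continues past the end of the second hunk, so the close-on-error handling after `int saved_errno = errno;` is not visible here.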
| ... | ... |
@@ -4,7 +4,7 @@ |
| 4 | 4 |
Summary: Main C library |
| 5 | 5 |
Name: glibc |
| 6 | 6 |
Version: 2.26 |
| 7 |
-Release: 13%{?dist}
|
|
| 7 |
+Release: 14%{?dist}
|
|
| 8 | 8 |
License: LGPLv2+ |
| 9 | 9 |
URL: http://www.gnu.org/software/libc |
| 10 | 10 |
Group: Applications/System |
| ... | ... |
@@ -28,6 +28,8 @@ Patch10: glibc-fix-CVE-2017-15671.patch |
| 28 | 28 |
Patch11: glibc-fix-CVE-2017-18269.patch |
| 29 | 29 |
Patch12: glibc-fix-CVE-2018-11236.patch |
| 30 | 30 |
Patch13: glibc-fix-CVE-2018-11237.patch |
| 31 |
+Patch14: glibc-Check-length-of-ifname-before-copying-it-into-to-ifreq-structure.patch |
|
| 32 |
+Patch15: glibc-fix-CVE-2018-19591.patch |
|
| 31 | 33 |
Provides: rtld(GNU_HASH) |
| 32 | 34 |
Requires: filesystem |
| 33 | 35 |
%description |
| ... | ... |
@@ -95,6 +97,8 @@ sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile |
| 95 | 95 |
%patch11 -p1 |
| 96 | 96 |
%patch12 -p1 |
| 97 | 97 |
%patch13 -p1 |
| 98 |
+%patch14 -p1 |
|
| 99 |
+%patch15 -p1 |
|
| 98 | 100 |
|
| 99 | 101 |
install -vdm 755 %{_builddir}/%{name}-build
|
| 100 | 102 |
# do not try to explicitly provide GLIBC_PRIVATE versioned libraries |
| ... | ... |
@@ -299,6 +303,8 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: |
| 299 | 299 |
|
| 300 | 300 |
|
| 301 | 301 |
%changelog |
| 302 |
+* Wed Feb 13 2019 Alexey Makhalov <amakhalov@vmware.com> 2.26-14 |
|
| 303 |
+- Fix for CVE-2018-19591. |
|
| 302 | 304 |
* Tue Jun 26 2018 Keerthana K <keerthanak@vmware.com> 2.26-13 |
| 303 | 305 |
- Fix for CVE-2018-11236, CVE-2018-11237. |
| 304 | 306 |
* Mon Jun 25 2018 Keerthana K <keerthanak@vmware.com> 2.26-12 |
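Review bot: The `%changelog` entry `- Fix for CVE-2018-19591.` records only the CVE, while the `Patch14:` line in this section also brings in the BZ #22442 length check, which makes `if_nametoindex` fail with `ENODEV` for over-long names. I would record both, e.g. `- Backport ifname length check (BZ #22442) and fix for CVE-2018-19591.`, and put a spec comment above `Patch14:` such as `# Patch14 and Patch15 must stay together and in this order`. The commit description speaks of glibc-2.22 while this spec has `Version: 2.26`; the affected-version reasoning should be confirmed for the version actually built here.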