AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-21 20:40:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

Browse Source
This commit is contained in:
Florian Weimer 2018-11-27 16:12:43 +01:00
parent 979cfed05d
commit d527c860f5
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2018-11-27 Florian Weimer <fweimer@redhat.com>
[BZ #23927]
CVE-2018-19591
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Avoid
descriptor leak in case of ENODEV error.
2018-11-27 Rafael Ávila de Espíndola <rafael@espindo.la> 2018-11-27 Rafael Ávila de Espíndola <rafael@espindo.la>
[BZ #19767] [BZ #19767]

4
NEWS
View File

@ -57,7 +57,9 @@ Changes to build and runtime requirements:
Security related changes: Security related changes:
[Add security related changes here] CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
denial of service due to resource exhaustion when processing getaddrinfo
calls with crafted host names. Reported by Guido Vranken.
The following bugs are resolved with this release: The following bugs are resolved with this release:

11
sysdeps/unix/sysv/linux/if_index.c
View File

@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
return 0; return 0;
#else #else
struct ifreq ifr; struct ifreq ifr;
int fd = __opensock ();
if (fd < 0)
return 0;
if (strlen (ifname) >= IFNAMSIZ) if (strlen (ifname) >= IFNAMSIZ)
{ {
__set_errno (ENODEV); __set_errno (ENODEV);
@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
} }
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
int fd = __opensock ();
if (fd < 0)
return 0;
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{ {
int saved_errno = errno; int saved_errno = errno;