Commit Graph

26355 Commits

Author SHA1 Message Date
Siddhesh Poyarekar
7cbcdb3699 Fix stack overflow due to large AF_INET6 requests
Resolves #16072 (CVE-2013-4458).

This patch fixes another stack overflow in getaddrinfo when it is
called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
but the AF_INET6 case went undetected back then.
2013-10-25 10:22:12 +05:30
Allan McRae
894f3f1049 Fix incorrect getaddrinfo assertion trigger
[BZ #9954]

With the following /etc/hosts:
127.0.0.1       www.my-domain.es
127.0.1.1       www.my-domain.es
192.168.0.1     www.my-domain.es

Using getaddrinfo() on www.my-domain.es, trigger the following assertion:
../sysdeps/posix/getaddrinfo.c:1473: rfc3484_sort: Assertion
`src->results[i].native == -1 || src->results[i].native == a1_native' failed.

This is due to two different bugs:
- In rfc3484_sort() rule 7, src->results[i].native is assigned even if
src->results[i].index is -1, meaning that no interface is associated.
- In getaddrinfo() the source IP address used with the lo interface needs a
special case, as it can be any IP within 127.X.Y.Z.
2013-10-25 14:28:32 +10:00
Chris Leonard
b85545a671 Adjust language-code fields of LC_ADDRESS. 2013-10-24 11:43:38 -04:00
Ondřej Bílka
d1f23d46da Document rpcgen -5. Fixes bug 15825 2013-10-21 10:02:31 +02:00
Michael Stahl
4db5b08f91 Print the reason why preloading failed in do_preload() 2013-10-20 10:34:09 +02:00
Ondřej Bílka
a471e96a53 When glob pattern contains a trailing slash match only directories. Fixes bug 10278. 2013-10-20 10:03:19 +02:00
Ondřej Bílka
45c30c61c9 Replace alloca in __tzfile_read by malloc. Fixes bug 15670 2013-10-20 08:26:05 +02:00
Carlos O'Donell
3d7dc513b7 Mention FIPS 140-2 compliance and Sun RPC.
The Secure RPC implementation in glibc uses DES encryption
during authentication of the user. This use of DES means
that anyone using Sun RPC will likely not be compliant
with FIPS 140-2 which forbids the use of DES.

One solution to the compliance issue is to disable AUTH_DES
and AUTH_KERB, both use DES, when in FIPS compliance mode.
This is not a good idea because it disables all of the even
mildly secure methods of authentication allowing only plain
text methods.

Instead we leave AUTH_DES and AUTH_KERB enabled in FIPS
compliance mode and document the compliance issue in the
manual. FIPS allows this, that is to say that if you can't
fix it you must document the non-compliance.

This commit adds documentation to that effect in the
"DES encryption and password handling" section of the
manual.
2013-10-19 00:11:31 -04:00
Carlos O'Donell
484c12fb1e Enhance localedef --list-archive option.
The localedef --list-archive option claims that it can
accept a [file] argument and list the contents of that
archive. The support was never implemented. This patch
adds that support and allows --list-archive to work as
expected. You can now use localedef to list the contents
of arbitrary locale archives by using:
./localedef --list-archive file
2013-10-18 23:44:35 -04:00
Joseph Myers
de5d4f4c8a Move entries to correct port ChangeLog files. 2013-10-18 21:28:57 +00:00
Joseph Myers
3c8325fb47 Add e500 port. 2013-10-18 21:04:22 +00:00
Joseph Myers
289528850d Remove duplicate bug numbers from NEWS. 2013-10-18 21:00:20 +00:00
Richard Sandiford
5abe068233 Fix localedef collation handling of <U0000> (bug 15948). 2013-10-18 20:58:31 +00:00
Siddhesh Poyarekar
c7738d0822 Don't include tls.h in test cases
Remove tls.h includes where they are not needed.
2013-10-18 19:45:36 +05:30
Ondřej Bílka
0bfcf2c73c Remove assert in malloc statistic. Fixes bug 12486. 2013-10-18 09:35:15 +02:00
Ondřej Bílka
264aad1e6a Fix inet_network("1 bar"). Fixes bug 15277. 2013-10-17 18:34:29 +02:00
Andreas Schwab
b957ced889 Don't use gethostbyaddr to determine canonical name 2013-10-17 16:34:27 +02:00
Ondřej Bílka
c5d5d574cb Format floating routines. 2013-10-17 16:03:24 +02:00
Joseph Myers
e5c2c2d0c0 soft-fp: make extensions quiet signaling NaNs (bug 16041). 2013-10-17 12:36:02 +00:00
Joseph Myers
51ca9e29af soft-fp: fix horizontal whitespace. 2013-10-16 01:22:21 +00:00
Joseph Myers
9ebb0332fc soft-fp: remove unused macros. 2013-10-15 23:33:37 +00:00
Ondřej Bílka
4b1a6d8bc9 Clear initfini list after freeing. Fixes bug 15308. 2013-10-15 09:47:33 +02:00
Joseph Myers
1e14558915 soft-fp: fix vertical whitespace and indentation. 2013-10-15 00:17:35 +00:00
Ondřej Bílka
17c48a60b8 Fix error_tail overflow in allocation calculation. 2013-10-14 17:15:48 +02:00
Ondřej Bílka
cabba9343c Correctly copy resolver address. Fixes bug #13028. 2013-10-14 08:17:09 +02:00
Patrick 'P. J.' McDermott
94bf958a94 ldd: make try_trace more robust and portable
It was noted in 2005 (BZ #832), 2006 (BZ #3266), and 2007 [1] that ldd
fails on shells other than Bash >= 3.0 because of the pipefail option
around try_trace (added on 2004-12-08).  EGLIBC was patched in 2008 [2]
(r6912) to make the pipefail check run only on shells that support it,
but RTLD output would still be lost on other shells with certain SELinux
policies.

This patch rewrites try_trace to work on any POSIX-conformant shell in
such a way as to also work with such SELinux policies.  It also obviates
one difference between glibc and EGLIBC.

URL: https://sourceware.org/ml/libc-alpha/2007-01/msg00041.html
URL: http://www.eglibc.org/archives/patches/msg00526.html

2013-09-11  P. J. McDermott  <pj@pehjota.net>

	[BZ #832]
	* elf/ldd.bash.in (try_trace): More robustly and portably work around
	SELinux terminal write permissions by using a command substitution
	instead of a pipeline and pipefail option.
2013-10-14 01:57:46 -04:00
Chris Leonard
0abe1dd536 Adjust language-code fields of LC_ADDRESS. 2013-10-13 08:59:50 -04:00
Joseph Myers
71b4dea7dc soft-fp: fix preprocessor indentation. 2013-10-12 14:15:30 +00:00
Yuri Chornoivan
5560275828 Fix typos. 2013-10-12 14:47:50 +02:00
Reuben Thomas
9cd8330240 Fix typo in setlocale.c. Fixes BZ #15764 2013-10-12 14:32:09 +02:00
Joseph Myers
b7ea74f074 soft-fp: make __unord* raise "invalid" for signaling NaNs (bug 16036). 2013-10-12 12:23:28 +00:00
Joseph Myers
8a50944770 soft-fp: make ordered comparisons raise "invalid" for quiet NaNs (bug 14910). 2013-10-12 12:22:14 +00:00
Joseph Myers
98998e9f51 soft-fp: add missing FP_INIT_EXCEPTIONS and FP_INIT_ROUNDMODE calls. 2013-10-12 12:21:04 +00:00
Joseph Myers
8edc4a11cf soft-fp: add macro FP_NO_EXCEPTIONS. 2013-10-12 12:20:12 +00:00
Joseph Myers
8399acaf7c soft-fp: fix _FP_DIV_MEAT_* returning results with wrong exponent (bug 16032). 2013-10-12 12:18:55 +00:00
Joseph Myers
99fd9f47ef soft-fp: fix floating-point to integer unsigned saturation. 2013-10-12 12:17:16 +00:00
Siddhesh Poyarekar
10e1cf6b73 Add systemtap markers to math function slow paths
Add systemtap probes to various slow paths in libm so that application
developers may use systemtap to find out if their applications are
hitting these slow paths.  We have added probes for pow, exp, log,
tan, atan and atan2.
2013-10-11 22:37:53 +05:30
Eric Biggers
3d110c7c6e Fix fwrite() reading beyond end of buffer in error path
Partially revert commits 2b766585f9 and
de2fd463b1, which were intended to fix BZ#11741
but caused another, likely worse bug, namely that fwrite() and fputs() could,
in an error path, read data beyond the end of the specified buffer, and
potentially even write this data to the file.

Fix BZ#11741 properly by checking the return value from _IO_padn() in
stdio-common/vfprintf.c.
2013-10-11 22:29:38 +05:30
David S. Miller
75b4202ab0 Fix readdir regressions on sparc 32-bit.
* sysdeps/posix/dirstream.h (struct __dirstream): Fix alignment of
	directory block.
2013-10-10 22:32:36 -07:00
Joseph Myers
33b853c3b1 Update copyright and license notices in soft-fp files from libgcc. 2013-10-10 23:58:13 +00:00
Joseph Myers
6c6352e698 Add soft-fp files from libgcc. 2013-10-10 23:57:22 +00:00
David S. Miller
3bf78b7174 Update sparc ULPs.
* sysdeps/sparc/fpu/libm-test-ulps: Update.
2013-10-10 14:42:58 -07:00
Joseph Myers
bd878fc030 Extend powerpc-nofpu -fno-builtin-fabsl workaround to more files. 2013-10-10 19:12:09 +00:00
Joseph Myers
6f10289efb Avoid ordered comparisons of NaNs in ldbl-128ibm acosl and asinl. 2013-10-10 19:11:30 +00:00
Will Newton
321e268471 malloc/hooks.c: Correct check for overflow in memalign_check.
A large value of bytes passed to memalign_check can cause an integer
overflow in _int_memalign and heap corruption. This issue can be
exposed by running tst-memalign with MALLOC_CHECK_=3.

ChangeLog:

2013-10-10  Will Newton  <will.newton@linaro.org>

	* malloc/hooks.c (memalign_check): Ensure the value of bytes
	passed to _int_memalign does not overflow.
2013-10-10 14:52:05 +01:00
Torvald Riegel
40fefba1b5 benchtests: Add include-sources directive.
This adds the "include-sources" directive to scripts/bench.pl.  This
allows for including source code (vs including headers, which might get
a different search path) after the inclusion of any headers.
2013-10-10 14:45:30 +03:00
Joseph Myers
dcc2dd3f46 soft-fp: split FP_INIT_EXCEPTIONS from FP_INIT_ROUNDMODE. 2013-10-10 11:40:25 +00:00
Joseph Myers
2ae21ed2d2 soft-fp: fix negation NaN handling (bug 16034). 2013-10-10 11:38:56 +00:00
Joseph Myers
cb8f9562a5 soft-fp: Remove trailing semicolon from _FP_FRAC_DISASSEMBLE_4. 2013-10-09 19:23:05 +00:00
Adam Buchbinder
5b60c59de5 soft-fp: fix typo in comment. 2013-10-09 19:22:15 +00:00