author | Natanael Copa <ncopa@alpinelinux.org> | 2017-10-23 20:34:42 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-10-23 21:30:14 +0200 |
commit | ee51f150de283e11fbf83aec8aadcdd8e2a0900e (patch) | |
tree | e45b6aec61add09a8db6f721990fb022e04a4e53 | |
parent | a4e92d627f1b09c04531c883313a2d4a61fad83d (diff) | |
main/musl: fix CVE-2017-15650
fixes #8034
-rw-r--r-- | main/musl/APKBUILD | 12 | ||||
-rw-r--r-- | main/musl/CVE-2017-15650.patch | 32 |
2 files changed, 43 insertions, 1 deletions
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index 6a2ca7b258..9969fa86b2 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.1.12 -pkgrel=7 +pkgrel=8 pkgdesc="the musl c library (libc) implementation" url="http://www.musl-libc.org/" arch="all" @@ -44,6 +44,7 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz memmem.patch 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch + CVE-2017-15650.patch ldconfig __stack_chk_fail_local.c @@ -52,6 +53,12 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz iconv.c " +# secfixes: +# 1.1.12-r6: +# - CVE-2016-8859 +# 1.1.12-r8: +# - CVE-2017-15650 + _builddir="$srcdir"/musl-$pkgver prepare() { local i @@ -192,6 +199,7 @@ d85fdb4d80c8372d8e63cf4382e4012a 0028-fix-padding-string-formats-to-width-in-wi 3d5b6f9614083cff7b845deeb5e4c13d memmem.patch fe6de41e930775994f64b772f1fdc45c 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch 2e3d961d3d50438f42683d2dbf6f2b91 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch +d4ca72c487880e6389ee5638ec00f0c5 CVE-2017-15650.patch 830d01f7821b978df770b06db3790921 ldconfig 0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c 57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c 
@@ -230,6 +238,7 @@ bb763a85b15f1dcdfb5b077ca387e81547fe548a49a2e303ff1715ed436557ba 0027-env-avoid
 5f0d4174d8ad8db95211581d778d8ad696ad85b06abc0b2e1ae39461930217ee memmem.patch
 cec3fdd3a90f153a2c5a5d22ffd7429c14ecb105259a9c2540e46db6cfe71b55 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch
 31700cb0c3bdbeebb78aafbce4cee7d058c9c8d1a37d576ee95c5c598c488912 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch
+a25e35436a6ac67c01add006327068a210636ddbbdaffd7be364bd08bdf41a11 CVE-2017-15650.patch
 b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c
 d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c
@@ -268,6 +277,7 @@ e3e0ebc19362e93ed1a278688e3acc082c23993daf0eb14ba011917ad076b2348bbe3fc9a9390118
 fe5b9990ede91e205b040f23a24043472faae47390591dfbd8dfd29f02498b8642a6a919f00e7425ed86f765c7b29e2ccbb8560b6e2de1d35e5ef687ac26eda6 memmem.patch
 6376167c67fdd22c0c4476fc38ff89ae3ce46435f72d7c506460944dd8f7d9153eed9696738dff5b320f09b474964f2a57394530eb40197ad58a6956e87e68ff 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch
 99f4c7e09860978f5a15fdfc6b8786e24bf763b838c623cbb91dbc27ebcdfa4fd0ed9fd02ad38cff1c903b0e2dc0a021d8786c938e990e8cc8d4475a13bf3c57 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch
+ff3bbaf43e2202db570377836782c8b2f95db39bbf2b09ef0891d9f1b25b3160e0ff6b16e055745b72357b1cf99a486b70a689b4928ed1cc6b78b4d4f0bbea32 CVE-2017-15650.patch
 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
diff --git a/main/musl/CVE-2017-15650.patch b/main/musl/CVE-2017-15650.patch
new file mode 100644
index 0000000000..7ac52fccd5
--- /dev/null
+++ b/main/musl/CVE-2017-15650.patch
@@ -0,0 +1,32 @@
+From 45ca5d3fcb6f874bf5ba55d0e9651cef68515395 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 18 Oct 2017 14:50:03 -0400
+Subject: in dns parsing callback, enforce MAXADDRS to preclude overflow
+
+MAXADDRS was chosen not to need enforcement, but the logic used to
+compute it assumes the answers received match the RR types of the
+queries. specifically, it assumes that only one replu contains A
+record answers. if the replies to both the A and the AAAA query have
+their answer sections filled with A records, MAXADDRS can be exceeded
+and clobber the stack of the calling function.
+
+this bug was found and reported by Felix Wilhelm.
+---
+ src/network/lookup_name.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
+index 066be4d..209c20f 100644
+--- a/src/network/lookup_name.c
++++ b/src/network/lookup_name.c
+@@ -111,6 +111,7 @@ static int dns_parse_callback(void *c, int rr, const void *data, int len, const
+ {
+ char tmp[256];
+ struct dpc_ctx *ctx = c;
++ if (ctx->cnt >= MAXADDRS) return -1;
+ switch (rr) {
+ case RR_A:
+ if (len != 4) return -1;
+--
+cgit v0.11.2
+
|
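Review bot: The added guard `if (ctx->cnt >= MAXADDRS) return -1;` in dns_parse_callback carries no comment, and the reason it is needed lives only in the patch's commit message: replies are not guaranteed to match the RR type of the query, so the way MAXADDRS was sized cannot be relied on as a bound. I would record that next to the check, for example `/* replies need not match the queried RR type; enforce the bound instead of assuming it */`. The guard also sits ahead of `switch (rr)`, so once the address array is full it returns -1 for every record type, not only for the ones that append an address. Whether a full array should end parsing with an error or just skip further records depends on how the caller treats the return value, which this hunk does not show. The function body continues past the hunk, so the remaining cases are not visible here.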