This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

GNU C Library master sources branch gentoo/2.23 updated. glibc-2.23-46-g06943eb


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, gentoo/2.23 has been updated
       via  06943eb86a410d875e4ee08d713ed51e67bd5b28 (commit)
      from  742bcfaa70ea522406dd046adafefa933d29ca50 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06943eb86a410d875e4ee08d713ed51e67bd5b28

commit 06943eb86a410d875e4ee08d713ed51e67bd5b28
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 27 14:26:47 2016 +0200

    resolv: Always set *resplen2 out parameter in send_vc [BZ #19825]
    
    In various error scenarios (for example, if the server closes the
    TCP connection before sending the full response), send_vc can return
    without resetting the *resplen2 value.  This can pass uninitialized
    or unexpected data to the caller.
    
    (cherry picked from commit b9bdfa7c8fa22c944bb5f21a673dfd1f91b71c56)
    (cherry picked from commit 075b2665b159491fdd17f5aee90d47fa7388ed6f)

diff --git a/resolv/res_send.c b/resolv/res_send.c
index b4efcb6..2c0bae1 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -762,8 +762,6 @@ send_vc(res_state statp,
 	u_short len2;
 	u_char *cp;
 
-	if (resplen2 != NULL)
-	  *resplen2 = 0;
 	connreset = 0;
  same_ns:
 	truncating = 0;
@@ -789,6 +787,8 @@ send_vc(res_state statp,
 		if (statp->_vcsock < 0) {
 			*terrno = errno;
 			Perror(statp, stderr, "socket(vc)", errno);
+			if (resplen2 != NULL)
+			  *resplen2 = 0;
 			return (-1);
 		}
 		__set_errno (0);
@@ -798,8 +798,7 @@ send_vc(res_state statp,
 			    : sizeof (struct sockaddr_in6)) < 0) {
 			*terrno = errno;
 			Aerror(statp, stderr, "connect/vc", errno, nsap);
-			__res_iclose(statp, false);
-			return (0);
+			return close_and_return_error (statp, resplen2);
 		}
 		statp->_flags |= RES_F_VC;
 	}
@@ -822,8 +821,7 @@ send_vc(res_state statp,
 	if (TEMP_FAILURE_RETRY (writev(statp->_vcsock, iov, niov)) != explen) {
 		*terrno = errno;
 		Perror(statp, stderr, "write failed", errno);
-		__res_iclose(statp, false);
-		return (0);
+		return close_and_return_error (statp, resplen2);
 	}
 	/*
 	 * Receive length & response
@@ -845,7 +843,6 @@ send_vc(res_state statp,
 	if (n <= 0) {
 		*terrno = errno;
 		Perror(statp, stderr, "read failed", errno);
-		__res_iclose(statp, false);
 		/*
 		 * A long running process might get its TCP
 		 * connection reset if the remote server was
@@ -855,11 +852,13 @@ send_vc(res_state statp,
 		 * instead of failing.  We only allow one reset
 		 * per query to prevent looping.
 		 */
-		if (*terrno == ECONNRESET && !connreset) {
-			connreset = 1;
-			goto same_ns;
-		}
-		return (0);
+		if (*terrno == ECONNRESET && !connreset)
+		  {
+		    __res_iclose (statp, false);
+		    connreset = 1;
+		    goto same_ns;
+		  }
+		return close_and_return_error (statp, resplen2);
 	}
 	int rlen = ntohs (rlen16);
 
@@ -891,11 +890,11 @@ send_vc(res_state statp,
 			/* Always allocate MAXPACKET, callers expect
 			   this specific size.  */
 			u_char *newp = malloc (MAXPACKET);
-			if (newp == NULL) {
-				*terrno = ENOMEM;
-				__res_iclose(statp, false);
-				return (0);
-			}
+			if (newp == NULL)
+			  {
+			    *terrno = ENOMEM;
+			    return close_and_return_error (statp, resplen2);
+			  }
 			*thisanssizp = MAXPACKET;
 			*thisansp = newp;
 			if (thisansp == ansp2)
@@ -922,8 +921,7 @@ send_vc(res_state statp,
 		Dprint(statp->options & RES_DEBUG,
 		       (stdout, ";; undersized: %d\n", len));
 		*terrno = EMSGSIZE;
-		__res_iclose(statp, false);
-		return (0);
+		return close_and_return_error (statp, resplen2);
 	}
 
 	cp = *thisansp;
@@ -934,8 +932,7 @@ send_vc(res_state statp,
 	if (__glibc_unlikely (n <= 0))       {
 		*terrno = errno;
 		Perror(statp, stderr, "read(vc)", errno);
-		__res_iclose(statp, false);
-		return (0);
+		return close_and_return_error (statp, resplen2);
 	}
 	if (__glibc_unlikely (truncating))       {
 		/*

-----------------------------------------------------------------------

Summary of changes:
 resolv/res_send.c |   39 ++++++++++++++++++---------------------
 1 files changed, 18 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]