
touch-packages team mailing list archive

[Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

 

Working from the reference at:

https://sourceware.org/glibc/wiki/Testing/Check-localplt

The test-suite failures appear to have been introduced in the patches
for CVE-2014-0475 (2.11.1-0ubuntu7.14) and the patch for bindresvport
(2.9-21).

# objdump -DR build-tree/i386-libc/libc.s > libc.dis
# egrep -n 'memmem@plt>' libc.dis
41049:000169d0 <memmem@plt>:
54050:   21063: e8 68 59 ff ff          call   169d0 <memmem@plt>

# egrep -B 50 -n 'call.*<memmem@plt>' libc.dis | egrep '<.*>:'
54009-00020fd0 <_nl_find_locale>:

grep -rn memmem debian/patches/*
debian/patches/any/cvs-issue12092.diff:2:Subject: [PATCH] Fix strstr and memmem algorithm.
debian/patches/any/CVE-2014-0475.diff:43:+  if (__builtin_expect ((memmem (name, namelen,

# egrep -n 'feof@plt>' libc.dis
41019:00016970 <feof@plt>:
315267:   fa8dc:        e8 8f c0 f1 ff          call   16970 <feof@plt>

# egrep -B 150 -n 'call.*<feof@plt>' libc.dis | egrep '<.*>:'
315131-000fa6c0 <bindresvport>:

grep -rn feof debian/patches/*
debian/patches/any/local-bindresvport_blacklist.diff:51:+  while (!feof (fp))

It appears feof() should be feof_unlocked().

Can't be sure about memmem().


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0475

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  is used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions
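
The `egrep -B 50` and `egrep -B 150` steps in the message above depend on guessing how far back the enclosing function label sits. The following is an added example, not part of the original message or of the glibc check-localplt test: a shell function that tracks the current function label while scanning `objdump -D` output and reports each caller of a PLT stub. The names `plt_callers` and `sample_disassembly` and the last call line of the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the functions in an objdump disassembly that call PLT stubs.
# Assumed input: "objdump -D" text, where a function starts with
# "<hex address> <name>:" and a PLT call ends in "<symbol@plt>".

# plt_callers [SYMBOL]
#   Reads a disassembly on stdin, prints "caller symbol@plt" once per pair.
#   With SYMBOL given, only calls to SYMBOL@plt are reported.
plt_callers() {
    awk -v want="$1" '
        # Function label: remember it as the current caller.
        /^[0-9a-f]+ <[^>]+>:$/ {
            cur = $2
            sub(/^</, "", cur); sub(/>:$/, "", cur)
            next
        }
        # Call through the PLT: the target is the last field, e.g. <memmem@plt>.
        /call.*<[^>]+@plt>/ {
            tgt = $NF
            gsub(/[<>]/, "", tgt)
            if (want != "" && tgt != (want "@plt")) next
            if (!seen[cur, tgt]++) print cur, tgt
        }
    '
}

# Constructed sample built from the disassembly lines quoted in the message;
# the call at fa8f0 is made up to show that repeated calls are reported once.
sample_disassembly() {
    cat <<'EOF'
00016970 <feof@plt>:
000169d0 <memmem@plt>:
00020fd0 <_nl_find_locale>:
   21063: e8 68 59 ff ff          call   169d0 <memmem@plt>
000fa6c0 <bindresvport>:
   fa8dc: e8 8f c0 f1 ff          call   16970 <feof@plt>
   fa8f0: e8 7b c0 f1 ff          call   16970 <feof@plt>
EOF
}

# Stand-alone run: report every local PLT caller in the sample.
sample_disassembly | plt_callers
```

On a real build the same function reads the disassembly file directly, for example `plt_callers feof < libc.dis`.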

