Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix [BZ #20018]

This commit avoids adding the __inet_aton_exact@GLIBC_PRIVATE
symbol.  In master, the separately-compiled getaddrinfo
implementation in nscd needs it, however such an internal ABI change
is not desirable on a release branch if it can be avoided easily.

diff --git a/ChangeLog b/ChangeLog
index 8fb841c0009c53c109f03a3291275293bcc5b761..d07b83f13d4e61d9b327ece124eaaf6a83863ece 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2019-02-04  Florian Weimer  <fweimer@redhat.com>
+
+       [BZ #20018]
+       Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix.
+       * include/arpa/inet.h (__inet_aton_exact): Declare as hidden.
+       * resolv/inet_addr.c (__inet_aton_exact): Remove libc_hidden_def.
+       * resolv/Versions (GLIBC_PRIVATE): Do not export
+       __inet_aton_exact.
+       * nscd/nscd-inet_addr.c: New file.  Build resolv/inet_addr.c for
+       nscd, without public symbols.
+       * nscd/Makefile (nscd-modules): Add it.
+
 2019-01-21  Florian Weimer  <fweimer@redhat.com>
 
        [BZ #20018]

diff --git a/include/arpa/inet.h b/include/arpa/inet.h
index 19aec74275069a450713722a857484d1a2588b09..dce60b4909938e6bbca9752376d23e721b167686 100644 (file)
--- a/include/arpa/inet.h
+++ b/include/arpa/inet.h
@@ -2,8 +2,8 @@
 
 #ifndef _ISOMAC
 /* Variant of inet_aton which rejects trailing garbage.  */
-extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
-libc_hidden_proto (__inet_aton_exact)
+extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp)
+  attribute_hidden;
 
 libc_hidden_proto (inet_ntop)
 libc_hidden_proto (inet_pton)

diff --git a/nscd/Makefile b/nscd/Makefile
index b713a84c4953d41109cee32d171cfbb153374ac7..eb23c01a396254a5d5c6de183aa5ef0c32c2477e 100644 (file)
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \
                getsrvbynm_r getsrvbypt_r servicescache \
                dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \
                xmalloc xstrdup aicache initgrcache gai res_hconf \
-               netgroupcache
+               netgroupcache nscd-inet_addr
 
 ifeq ($(build-nscd)$(have-thread-library),yesyes)
 

diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c
new file mode 100644 (file)
index 0000000..cfa4ac7
--- /dev/null
+++ b/nscd/nscd-inet_addr.c
@@ -0,0 +1,24 @@
+/* Legacy IPv4 text-to-address functions.  Version for nscd.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* Do not provide definitions of the public symbols exported from
+   libc.  */
+#undef weak_alias
+#define weak_alias(from, to)
+
+#include <resolv/inet_addr.c>

diff --git a/resolv/Versions b/resolv/Versions
index 9a82704af75f789bc81d9c9c540f9c7b581130c1..b05778d9654aa0f24ff46554952580b4c28e687e 100644 (file)
--- a/resolv/Versions
+++ b/resolv/Versions
@@ -27,7 +27,6 @@ libc {
     __h_errno; __resp;
 
     __res_iclose;
-    __inet_aton_exact;
     __inet_pton_length;
     __resolv_context_get;
     __resolv_context_get_preinit;

diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
index 41b6166a5bd5a44bae5c8b6a065b9d1b7c4afd9b..1bc4a2c4d61f79e0ec9db63d154dbdcb678881f4 100644 (file)
--- a/resolv/inet_addr.c
+++ b/resolv/inet_addr.c
@@ -192,7 +192,6 @@ __inet_aton_exact (const char *cp, struct in_addr *addr)
   else
     return 0;
 }
-libc_hidden_def (__inet_aton_exact)
 
 /* inet_aton ignores trailing garbage.  */
 int