Date: Wed, 3 Apr 2013 13:10:21 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: glibc getaddrinfo() stack overflow

Hi,

A customer reported a glibc crash, which turned out to be a stack overflow in
getaddrinfo().

getaddrinfo() uses:
	struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stack sizes,
or operating near out of stack.

Reproducer I tried:
	$ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
	$ ulimit -s 1024
	$ telnet a1
	Segmentation fault
	(clean out /etc/hosts again)


I am not sure you can usually push this number of addresses via DNS for all
setups.

Andreas is currently pushing the patch to glibc GIT.

Reference:
https://bugzilla.novell.com/show_bug.cgi?id=813121

Ciao, Marcus
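
The pattern reported above next to one bounded alternative, as an added example that is not part of the original message and is neither glibc's code nor its actual patch. The fields of struct sort_result, STACK_BUDGET, ON_STACK_MAX and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for glibc's struct sort_result; the fields are assumed. */
struct sort_result { unsigned char addr[16]; int prefixlen; int order; };

#define STACK_BUDGET 4096 /* assumed cap on the stack bytes this code may use */
#define ON_STACK_MAX (STACK_BUDGET / sizeof(struct sort_result))

/* Pattern from the report: stack use grows with a count that the name
   service chain supplies, so a long answer list overruns a small stack. */
size_t vla_stack_bytes(size_t nresults)
{
    if (nresults == 0)
        return 0;
    struct sort_result results[nresults]; /* unbounded VLA */
    memset(results, 0, sizeof results);
    return sizeof results;
}

/* Bounded variant: fixed stack buffer for small counts, heap above that.
   Returns 0 on success, -1 if the allocation fails; *on_heap reports the path. */
int fill_results_bounded(size_t nresults, int *on_heap)
{
    struct sort_result small[ON_STACK_MAX];
    struct sort_result *results = small;

    *on_heap = 0;
    if (nresults > ON_STACK_MAX) {
        /* calloc returns NULL if nresults * sizeof(*results) would overflow */
        results = calloc(nresults, sizeof *results);
        if (results == NULL)
            return -1;
        *on_heap = 1;
    }
    for (size_t i = 0; i < nresults; i++)
        results[i].order = (int)i; /* stand-in for the real sorting work */
    if (*on_heap)
        free(results);
    return 0;
}

int main(void)
{
    int heap;
    fill_results_bounded(10000000, &heap); /* entry count used in the reproducer */
    printf("10000000 entries: heap=%d, VLA would need %zu bytes\n",
           heap, (size_t)10000000 * sizeof(struct sort_result));
    return 0;
}
```
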
