Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Apr 2013 13:10:21 +0200
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: glibc getaddrinfo() stack overflow


A customer reported a glibc crash, which turned out to be a stack overflow in

getaddrinfo() uses:
	struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stacksizes,
or operating near out of stack.

Reproducer I tried:
	$ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
	$ ulimit -s 1024
	$ telnet a1
	Segmentation fault
	(clean out /etc/hosts again )

I am not sure you can usually push this amount of addresses via DNS for all

Andreas is currently pushing the patch to glibc GIT.


Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ