Date: Fri, 5 Apr 2013 11:58:27 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: glibc getaddrinfo() stack overflow

On Wed, Apr 03, 2013 at 01:10:21PM +0200, Marcus Meissner wrote:
> Hi,
> 
> A customer reported a glibc crash, which turned out to be a stack overflow in
> getaddrinfo().
> 
> getaddrinfo() uses:
> 	struct sort_result results[nresults];
> with nresults controlled by the nameservice chain (DNS or /etc/hosts).
> 
> This will be visible mostly on threaded applications with smaller stack sizes,
> or operating near out of stack.
> 
> Reproducer I tried:
> 	$ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
> 	$ ulimit -s 1024
> 	$ telnet a1
> 	Segmentation fault
> 	(clean out /etc/hosts again )
> 
> 
> I am not sure you can usually push this amount of addresses via DNS for all
> setups.
> 
> Andreas is currently pushing the patch to glibc GIT.
> 
> Reference:
> https://bugzilla.novell.com/show_bug.cgi?id=813121

Upstream GLIBC commit is:
http://sourceware.org/git/?p=glibc.git;a=commit;h=1cef1b19089528db11f221e938f60b9b048945d7

Ciao, Marcus
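
Added example, not part of the original message and not the upstream glibc patch: a C sketch of the general mitigation for the pattern quoted above, where a fixed-size stack array replaces the variable-length array and larger counts fall back to the heap. The struct layout, STACK_LIMIT_BYTES, sort_keys_bounded() and run_case() are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for glibc's struct sort_result (32 bytes here). */
struct sort_result { int key; char addr[28]; };

/* Assumed cap on on-stack scratch space; 4096 / 32 = 128 entries. */
#define STACK_LIMIT_BYTES 4096
#define STACK_ENTRIES (STACK_LIMIT_BYTES / sizeof(struct sort_result))

static int cmp_result(const void *a, const void *b)
{
    int x = ((const struct sort_result *)a)->key;
    int y = ((const struct sort_result *)b)->key;
    return (x > y) - (x < y);
}

/* Pattern from the report: `struct sort_result results[nresults];`
 * grows the stack frame by nresults * sizeof(struct sort_result), unbounded.
 * Here the stack array has a fixed size and larger counts go to the heap.
 * Returns 0 on success, -1 on size overflow or allocation failure. */
int sort_keys_bounded(int *keys, size_t n, int *used_heap)
{
    struct sort_result small[STACK_ENTRIES];
    struct sort_result *results = small;

    *used_heap = 0;
    if (n > SIZE_MAX / sizeof(*results)) return -1;  /* n * sizeof would wrap */
    if (n > STACK_ENTRIES) {
        results = malloc(n * sizeof(*results));
        if (results == NULL) return -1;  /* fail cleanly instead of crashing */
        *used_heap = 1;
    }
    for (size_t i = 0; i < n; i++) results[i].key = keys[i];
    qsort(results, n, sizeof(*results), cmp_result);
    for (size_t i = 0; i < n; i++) keys[i] = results[i].key;
    if (*used_heap) free(results);
    return 0;
}

/* Constructed input: n descending keys; returns 1 if they come back ascending. */
int run_case(size_t n, int *used_heap)
{
    int *keys = malloc((n ? n : 1) * sizeof(*keys));
    if (keys == NULL) return 0;
    for (size_t i = 0; i < n; i++) keys[i] = (int)(n - i);
    int ok = sort_keys_bounded(keys, n, used_heap) == 0;
    for (size_t i = 1; ok && i < n; i++) ok = keys[i - 1] <= keys[i];
    free(keys);
    return ok;
}

int main(void) { int h; return !(run_case(100, &h) && run_case(100000, &h)); }
```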
