Date: Fri, 5 Apr 2013 11:58:27 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: glibc getaddrinfo() stack overflow

On Wed, Apr 03, 2013 at 01:10:21PM +0200, Marcus Meissner wrote:
> Hi,
>
> A customer reported a glibc crash, which turned out to be a stack overflow in
> getaddrinfo().
>
> getaddrinfo() uses:
>     struct sort_result results[nresults];
> with nresults controlled by the nameservice chain (DNS or /etc/hosts).
>
> This will be visible mostly on threaded applications with smaller stacksizes,
> or operating near out of stack.
>
> Reproducer I tried:
> $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
> $ ulimit -s 1024
> $ telnet a1
> Segmentation fault
> (clean out /etc/hosts again)
>
>
> I am not sure you can usually push this amount of addresses via DNS for all
> setups.
>
> Andreas is currently pushing the patch to glibc GIT.
>
> Reference:
> https://bugzilla.novell.com/show_bug.cgi?id=813121

Upstream GLIBC commit is:
http://sourceware.org/git/?p=glibc.git;a=commit;h=1cef1b19089528db11f221e938f60b9b048945d7

Ciao, Marcus
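
The report above turns on a stack array sized by an externally controlled count. As an added example (not glibc's code and not the upstream commit), this sketch shows one bounded alternative: a fixed-size stack buffer for small result sets and a heap allocation beyond that. The `struct sort_result` fields, `STACK_ENTRIES`, `order_results()` and `demo()` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for glibc's internal struct sort_result. */
struct sort_result { int key; size_t index; };
#define STACK_ENTRIES 64   /* assumed cap on on-stack scratch entries */
#define DEMO_MAX 100000    /* size of the constructed demo input */

static int cmp_result(const void *a, const void *b)
{
    const struct sort_result *x = a, *y = b;
    return (x->key > y->key) - (x->key < y->key);
}

/* Bounded form of `struct sort_result results[nresults];`: fixed stack use,
 * heap beyond the cap. Returns 0 (stack), 1 (heap) or -1 (no memory). */
int order_results(size_t nresults, const int *keys, size_t *order)
{
    struct sort_result small[STACK_ENTRIES], *results = small;
    int on_heap = nresults > STACK_ENTRIES;
    if (on_heap && (results = calloc(nresults, sizeof(*results))) == NULL)
        return -1;  /* calloc also refuses a count whose byte size overflows */
    for (size_t i = 0; i < nresults; i++)
        results[i] = (struct sort_result){ keys[i], i };
    qsort(results, nresults, sizeof(*results), cmp_result);
    for (size_t i = 0; i < nresults; i++)
        order[i] = results[i].index;
    if (on_heap)
        free(results);
    return on_heap;
}

/* Constructed input: n descending keys, so the order must come back reversed. */
int demo(size_t n)
{
    static int keys[DEMO_MAX];
    static size_t order[DEMO_MAX];
    if (n > DEMO_MAX)
        return -1;
    for (size_t i = 0; i < n; i++)
        keys[i] = (int)(n - i);
    int rc = order_results(n, keys, order);
    for (size_t i = 0; rc >= 0 && i < n; i++)
        if (order[i] != n - 1 - i)
            return -2;
    return rc;
}

int main(void) { printf("%d %d\n", demo(8), demo(DEMO_MAX)); return 0; }
```

Stack use in `order_results()` stays at `STACK_ENTRIES` entries regardless of `nresults`, so a small thread stack or `ulimit -s` setting no longer decides whether a large result set crashes the caller.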