Date: Wed, 3 Apr 2013 13:10:21 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: glibc getaddrinfo() stack overflow

Hi,

A customer reported a glibc crash, which turned out to be a stack overflow in
getaddrinfo().

getaddrinfo() uses:
        struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stacksizes,
or operating near out of stack.

Reproducer I tried:
        $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
        $ ulimit -s 1024
        $ telnet a1
        Segmentation fault
        (clean out /etc/hosts again )

I am not sure you can usually push this amount of addresses via DNS for all setups.

Andreas is currently pushing the patch to glibc GIT.

Reference:
https://bugzilla.novell.com/show_bug.cgi?id=813121

Ciao, Marcus
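
Added example, not part of the original message and not the glibc patch: one common way to replace a variable-length stack array whose length comes from untrusted input, using a fixed-size stack buffer for small counts and the heap otherwise. The struct layout, STACK_ENTRIES and process_results() are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for glibc's internal struct sort_result. */
struct sort_result { unsigned char addr[28]; int prefixlen; };

#define STACK_ENTRIES 64 /* assumed cap on stack use, not a glibc value */

enum storage { STORAGE_STACK, STORAGE_HEAP, STORAGE_FAILED };

/* Pattern from the report, shown for comparison only:
 *     struct sort_result results[nresults];   stack use grows with nresults
 * Hardened form: fixed-size stack buffer for small counts, heap otherwise. */
enum storage process_results(size_t nresults, size_t *bytes_used)
{
    struct sort_result small[STACK_ENTRIES];
    struct sort_result *results = small;
    enum storage where = STORAGE_STACK;

    *bytes_used = 0;
    /* Reject counts whose size in bytes would wrap around size_t. */
    if (nresults > SIZE_MAX / sizeof(*results))
        return STORAGE_FAILED;
    if (nresults > STACK_ENTRIES) {
        results = malloc(nresults * sizeof(*results));
        if (results == NULL)
            return STORAGE_FAILED; /* fail cleanly instead of crashing */
        where = STORAGE_HEAP;
    }
    /* Stand-in for filling and sorting the entries. */
    for (size_t i = 0; i < nresults; i++)
        results[i].prefixlen = (int)(i % 129);
    *bytes_used = nresults * sizeof(*results);
    if (where == STORAGE_HEAP)
        free(results);
    return where;
}

int main(void)
{
    size_t used;
    /* Constructed counts: a typical lookup and an oversized hosts file. */
    printf("%d\n", process_results(4, &used));
    printf("%d\n", process_results(100000, &used));
    return 0;
}
```

With this shape the stack frame has the same size for every input, so a large result set from /etc/hosts or DNS ends in a heap allocation or a clean error return rather than a crash.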