Date: Thu, 4 Jul 2013 15:58:23 +0200 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: glibc getaddrinfo() stack overflow Hi, On 3 April 2013 13:10, Marcus Meissner <meissner@...e.de> wrote: > Hi, > > A customer reported a glibc crash, which turned out to be a stack overflow in > getaddrinfo(). > > getaddrinfo() uses: > struct sort_result results[nresults]; > with nresults controlled by the nameservice chain (DNS or /etc/hosts). Looking at this issue in Debian's versions of eglibc, I noticed it crashes in an earlier part of getaddrinfo. More specifically, within gaih_inet(). git blames a commit from 2011: http://sourceware.org/git/?p=glibc.git;a=commit;f=sysdeps/posix/getaddrinfo.c;h=34a9094f49241ebb72084c536cf468fd51ebe3ec And in spite of what the changelog says, it appears that the bug that led to that change is: http://sourceware.org/bugzilla/show_bug.cgi?id=11884 A bit of patch hunting reveals that the above changes (and others) were included into RHEL 5 because of: https://bugzilla.redhat.com/show_bug.cgi?id=797096 Perhaps there are some missing CVE ids?  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704623#24 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.