oss-sec mailing list archives
CVE Request: glibc getaddrinfo() stack overflow
From: Marcus Meissner <meissner () suse de>
Date: Wed, 3 Apr 2013 13:10:21 +0200
Hi, A customer reported a glibc crash, which turned out to be a stack overflow in getaddrinfo(). getaddrinfo() uses: struct sort_result results[nresults]; with nresults controlled by the nameservice chain (DNS or /etc/hosts). This will be visible mostly on threaded applications with smaller stacksizes, or operating near out of stack. Reproducer I tried: $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done $ ulimit -s 1024 $ telnet a1 Segmentation fault (clean out /etc/hosts again ) I am not sure you can usually push this amount of addresses via DNS for all setups. Andreas is currently pushing the patch to glibc GIT. Reference: https://bugzilla.novell.com/show_bug.cgi?id=813121 Ciao, Marcus
Current thread:
- CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Sebastian Krahmer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Sebastian Krahmer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner (Apr 05)
- Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)