oss-sec mailing list archives

CVE Request: glibc getaddrinfo() stack overflow


From: Marcus Meissner <meissner () suse de>
Date: Wed, 3 Apr 2013 13:10:21 +0200

Hi,

A customer reported a glibc crash, which turned out to be a stack overflow in
getaddrinfo().

getaddrinfo() uses:
        struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly in threaded applications with smaller stack sizes,
or ones operating close to running out of stack.

Reproducer I tried:
        $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
        $ ulimit -s 1024
        $ telnet a1
        Segmentation fault
        (clean out /etc/hosts again)


I am not sure you can usually push this number of addresses via DNS for all
setups.

Andreas is currently pushing the patch to glibc GIT.

Reference:
https://bugzilla.novell.com/show_bug.cgi?id=813121

Ciao, Marcus
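
The allocation pattern named in the message, contrasted with a bounded alternative, as an added example (not glibc's code and not the patch mentioned above). The struct fields, STACK_RESULTS_MAX, cmp_prefixlen() and pick_best() are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for glibc's struct sort_result; fields are assumed. */
struct sort_result { int index; int prefixlen; };

#define STACK_RESULTS_MAX 64   /* assumed cap on entries kept on the stack */

/* Longest prefix first (assumed ordering, for illustration only). */
static int cmp_prefixlen(const void *a, const void *b)
{
    const struct sort_result *x = a, *y = b;
    return (y->prefixlen > x->prefixlen) - (y->prefixlen < x->prefixlen);
}

/* Pattern from the report: "struct sort_result results[nresults];" lets the
 * name service decide how much stack is consumed. Here the stack buffer has a
 * fixed size and larger result sets go to the heap.
 * Returns the index of the best entry, or -1 on empty input or failure. */
int pick_best(const int *prefixlens, size_t nresults, int *used_heap)
{
    struct sort_result small[STACK_RESULTS_MAX];
    struct sort_result *results = small;
    int best;

    *used_heap = 0;
    if (nresults == 0)
        return -1;
    if (nresults > STACK_RESULTS_MAX) {
        if (nresults > SIZE_MAX / sizeof(*results))   /* size overflow */
            return -1;
        results = malloc(nresults * sizeof(*results));
        if (results == NULL)
            return -1;
        *used_heap = 1;
    }
    for (size_t i = 0; i < nresults; i++) {
        results[i].index = (int)i;
        results[i].prefixlen = prefixlens[i];
    }
    qsort(results, nresults, sizeof(*results), cmp_prefixlen);
    best = results[0].index;
    if (*used_heap)
        free(results);
    return best;
}
```

With this shape, stack use per call stays constant however many addresses the name service returns, and an oversized result set ends in an allocation failure the caller can handle rather than a crash.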
