oss-sec mailing list archives

Re: CVE Request: glibc getaddrinfo() stack overflow
From: Marcus Meissner <meissner () suse de>
Date: Fri, 5 Apr 2013 11:58:27 +0200

On Wed, Apr 03, 2013 at 01:10:21PM +0200, Marcus Meissner wrote:

A customer reported a glibc crash, which turned out to be a stack overflow in

getaddrinfo() uses:
      struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stack sizes,
or operating near out of stack.

Reproducer I tried:
      $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
      $ ulimit -s 1024
      $ telnet a1
      Segmentation fault
      (clean out /etc/hosts again)

I am not sure you can usually push this amount of addresses via DNS for all

Andreas is currently pushing the patch to glibc GIT.


Upstream GLIBC commit is:

Ciao, Marcus
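
The pattern described in the message above, shown beside one way to bound the stack use. This is an added example, not code from the original post and not the upstream glibc patch; the struct fields, STACK_BUDGET and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for glibc's struct sort_result; the fields are assumed. */
struct sort_result { unsigned char addr[16]; int prefixlen; int index; };
#define STACK_BUDGET 4096   /* assumed cap on stack bytes this frame may use */

/* Pattern from the report: a stack array sized by the resolver's answer count. */
int order_unbounded(size_t nresults)
{
    if (nresults == 0) return 0;
    struct sort_result results[nresults];   /* grows with untrusted input */
    memset(results, 0, sizeof results);
    return results[nresults - 1].index;
}

static int by_prefix_desc(const void *a, const void *b)
{
    const struct sort_result *x = a, *y = b;
    return (y->prefixlen > x->prefixlen) - (y->prefixlen < x->prefixlen);
}

/* Bounded variant: fixed stack buffer for short lists, heap beyond that.
   Returns the longest prefix length seen, or -1 on empty input or failure. */
int order_bounded(size_t nresults, int *used_heap)
{
    struct sort_result small[STACK_BUDGET / sizeof(struct sort_result)];
    struct sort_result *results = small;
    *used_heap = 0;
    if (nresults == 0 || nresults > SIZE_MAX / sizeof *results)
        return -1;                          /* nothing to sort, or size would wrap */
    if (nresults > sizeof small / sizeof small[0]) {
        results = calloc(nresults, sizeof *results);
        if (results == NULL) return -1;
        *used_heap = 1;
    }
    for (size_t i = 0; i < nresults; i++) {  /* constructed sample data */
        results[i].prefixlen = (int)(i % 129);
        results[i].index = (int)i;
    }
    qsort(results, nresults, sizeof *results, by_prefix_desc);
    int best = results[0].prefixlen;
    if (*used_heap)
        free(results);
    return best;
}

int main(void) { int h; return order_bounded(300, &h) == 128 ? 0 : 1; }
```

With the bounded variant the frame size is constant, so a long answer list costs heap memory instead of overrunning a small thread stack.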
