oss-sec mailing list archives

CVE Request: glibc getaddrinfo() stack overflow
From: Marcus Meissner <meissner () suse de>
Date: Wed, 3 Apr 2013 13:10:21 +0200


A customer reported a glibc crash, which turned out to be a stack overflow in

getaddrinfo() uses:
        struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stack sizes,
or operating near out of stack.

Reproducer I tried:
        $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
        $ ulimit -s 1024
        $ telnet a1
        Segmentation fault
        (clean out /etc/hosts again)

I am not sure you can usually push this amount of addresses via DNS for all

Andreas is currently pushing the patch to glibc GIT.


Ciao, Marcus
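
The sizing pattern described in the message, next to a bounded variant, as an added example (not code from the post or from glibc). The struct fields, STACK_BYTES and the function names are assumptions for illustration, and the bounded variant is one common mitigation, not necessarily the patch mentioned above.

```c
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for glibc's struct sort_result; the fields are assumptions. */
struct sort_result { int index; int prefixlen; };
#define STACK_BYTES 4096 /* assumed cap on stack taken by the scratch array */
#define STACK_SLOTS (STACK_BYTES / sizeof(struct sort_result))

static int cmp(const void *a, const void *b) {
    const struct sort_result *x = a, *y = b;
    return (x->prefixlen > y->prefixlen) - (x->prefixlen < y->prefixlen);
}

/* Fill the scratch array, sort it, return the index of the best entry. */
static int rank(struct sort_result *r, const int *prefixlens, size_t n) {
    for (size_t i = 0; i < n; i++)
        r[i] = (struct sort_result){ (int)i, prefixlens[i] };
    qsort(r, n, sizeof *r, cmp);
    return r[0].index;
}

/* Pattern from the report: stack use is n * sizeof(struct sort_result). */
int order_vla(const int *prefixlens, size_t n, int *first) {
    if (n == 0) return -1;
    struct sort_result results[n]; /* unbounded when n comes from resolver data */
    *first = rank(results, prefixlens, n);
    return 0;
}

/* Bounded form: fixed stack buffer for small n, checked heap allocation above it. */
int order_bounded(const int *prefixlens, size_t n, int *first) {
    struct sort_result fixed[STACK_SLOTS];
    struct sort_result *results = fixed;
    if (n == 0) return -1;
    if (n > STACK_SLOTS) {
        if (n > SIZE_MAX / sizeof *results) return -1; /* size would wrap */
        results = malloc(n * sizeof *results);
        if (results == NULL) return -1;
    }
    *first = rank(results, prefixlens, n);
    if (results != fixed) free(results);
    return 0;
}

int main(void) {
    int lens[] = {64, 8, 128}, first = -1; /* constructed sample input */
    return order_bounded(lens, 3, &first) != 0 || first != 1;
}
```

With the bounded form, stack consumption stays constant regardless of how many entries the name service returns, and an oversized request fails with an error return instead of a crash.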
