This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/16072] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET6 address structures
- From: "siddhesh at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 25 Oct 2013 05:00:24 +0000
- Subject: [Bug network/16072] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET6 address structures
- Auto-submitted: auto-generated
- References: <bug-16072-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16072
Siddhesh Poyarekar <siddhesh at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master:
commit 7cbcdb3699584db8913ca90f705d6337633ee10f
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Fri Oct 25 10:22:12 2013 +0530
Fix stack overflow due to large AF_INET6 requests
Resolves #16072 (CVE-2013-4458).
This patch fixes another stack overflow in getaddrinfo when it is
called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914,
but the AF_INET6 case went undetected back then.
ChangeLog | 6 ++++++
NEWS | 5 ++++-
sysdeps/posix/getaddrinfo.c | 20 ++++++++++++++++++--
3 files changed, 28 insertions(+), 3 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.