This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug network/19831] New: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size


https://sourceware.org/bugzilla/show_bug.cgi?id=19831

            Bug ID: 19831
           Summary: getaddrinfo returns uninitialized data when confronted
                    with A/AAAA records of invalid size
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---

The reason is that the entry is allocated before the size check fails:

      if (*pat == NULL)
        {
...
          *pat = (struct gaih_addrtuple *) buffer;
          buffer += sizeof (struct gaih_addrtuple);
          buflen -= sizeof (struct gaih_addrtuple);
        }

      (*pat)->name = NULL;
      (*pat)->next = NULL;
...
      (*pat)->family = type == T_A ? AF_INET : AF_INET6;
      if (__builtin_expect ((type == T_A && n != INADDRSZ)
                            || (type == T_AAAA && n != IN6ADDRSZ), 0))
        {
          ++had_error;
          continue;
        }

It is probably best to discard the entire packet if a parse error occurs.  It
is difficult at this point to fetch a new response.  At least the invalid
resource record should be skipped.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
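
The ordering problem described in the report, as an added example that is not glibc code and not part of the original message. The types, the 0xAA poison fill and the names build_list and run_demo are assumptions made for illustration; only the order of the slot allocation and the size check follows the quoted excerpt.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not glibc's own definitions. */
enum { REC_A = 1, REC_AAAA = 28, A_LEN = 4, AAAA_LEN = 16 };
struct record { int type; size_t n; const uint8_t *rdata; };
struct tuple { struct tuple *next; int family; uint8_t addr[AAAA_LEN]; };

/* check_first == 0: ordering quoted in the report (link slot, then check).
   check_first == 1: a wrongly sized record is skipped before it gets a slot. */
static struct tuple *build_list(const struct record *rr, size_t nrr,
                                struct tuple *store, int check_first)
{
    struct tuple *head = NULL, **pat = &head;
    size_t used = 0;
    for (size_t i = 0; i < nrr; i++) {
        if (rr[i].type != REC_A && rr[i].type != REC_AAAA) continue;
        int bad = rr[i].n != (size_t) (rr[i].type == REC_A ? A_LEN : AAAA_LEN);
        if (check_first && bad)
            continue;                  /* skipped, list untouched */
        if (*pat == NULL)
            *pat = &store[used++];     /* slot is now reachable from head */
        (*pat)->next = NULL;
        (*pat)->family = rr[i].type;
        if (bad)
            continue;                  /* slot stays linked, addr unwritten */
        memcpy((*pat)->addr, rr[i].rdata, rr[i].n);
        pat = &(*pat)->next;
    }
    return head;
}

/* Constructed input: a valid A record, then an A record of 3 bytes.
   Returns the list length; *stale counts entries whose addr is still poison. */
int run_demo(int check_first, int *stale)
{
    static const uint8_t good[] = { 192, 0, 2, 1 }, bad[] = { 192, 0, 2 };
    const struct record rr[] = { { REC_A, 4, good }, { REC_A, 3, bad } };
    static const uint8_t poison[A_LEN] = { 0xAA, 0xAA, 0xAA, 0xAA };
    struct tuple store[2];
    int entries = 0;
    memset(store, 0xAA, sizeof store); /* stands in for uninitialized memory */
    struct tuple *t = build_list(rr, 2, store, check_first);
    for (*stale = 0; t != NULL; t = t->next, entries++)
        *stale += memcmp(t->addr, poison, sizeof poison) == 0;
    return entries;
}
```

With the quoted ordering the caller sees two entries, one of them carrying whatever was in the buffer; with the check moved first it sees only the valid address.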
