This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/19831] New: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 16 Mar 2016 17:40:41 +0000
- Subject: [Bug network/19831] New: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19831
Bug ID: 19831
Summary: getaddrinfo returns uninitialized data when confronted
with A/AAAA records of invalid size
Product: glibc
Version: 2.24
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
The reason is that the entry is allocated before the size check fails:
    if (*pat == NULL)
      {
        …
        *pat = (struct gaih_addrtuple *) buffer;
        buffer += sizeof (struct gaih_addrtuple);
        buflen -= sizeof (struct gaih_addrtuple);
      }
    (*pat)->name = NULL;
    (*pat)->next = NULL;
    …
    (*pat)->family = type == T_A ? AF_INET : AF_INET6;
    if (__builtin_expect ((type == T_A && n != INADDRSZ)
                          || (type == T_AAAA && n != IN6ADDRSZ), 0))
      {
        ++had_error;
        continue;
      }
It is probably best to discard the entire packet if a parse error occurs. It
is difficult at this point to fetch a new response. At least the invalid
resource record should be skipped.
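Added example, not glibc code and not part of the original report: a simplified C model of the ordering the report asks for, where the size check runs before a result slot is claimed, with both policies mentioned above (discard the whole response, or skip only the invalid record). All names here (collect_addrs, struct rr, struct addr_entry, demo, demo_slots) are hypothetical, and the sample records are constructed.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Simplified stand-ins; every name here is hypothetical, not glibc's. */
enum { RR_A = 1, RR_AAAA = 28, A_LEN = 4, AAAA_LEN = 16 };
struct rr { int type; size_t rdlen; const unsigned char *rdata; };
struct addr_entry {
  struct addr_entry *next;
  int family;
  unsigned char addr[AAAA_LEN];
};

/* Returns the number of entries written to slots, or -1 when strict is set
   and a record is malformed (the caller must then ignore slots).  */
int collect_addrs(const struct rr *rrs, size_t nrr,
                  struct addr_entry *slots, size_t nslots, int strict)
{
  size_t used = 0;
  for (size_t i = 0; i < nrr; i++) {
    size_t want;
    if (rrs[i].type == RR_A) want = A_LEN;
    else if (rrs[i].type == RR_AAAA) want = AAAA_LEN;
    else continue;                  /* not an address record */
    if (rrs[i].rdlen != want) {     /* size check before any slot is claimed */
      if (strict) return -1;        /* discard the entire response */
      continue;                     /* or skip only the invalid record */
    }
    if (used == nslots) break;      /* caller-supplied buffer exhausted */
    struct addr_entry *e = &slots[used];
    memset(e, 0, sizeof *e);        /* no stale bytes survive in the entry */
    e->family = rrs[i].type == RR_A ? AF_INET : AF_INET6;
    memcpy(e->addr, rrs[i].rdata, want);
    if (used > 0) slots[used - 1].next = e;
    used++;
  }
  return (int) used;
}

/* Constructed sample: valid A, 3-byte A (invalid), valid AAAA. */
struct addr_entry demo_slots[4];
int demo(int strict)
{
  static const unsigned char a[4] = { 192, 0, 2, 1 }, v6[16] = { 0x20, 0x01, 0x0d, 0xb8 };
  const struct rr rrs[] = { { RR_A, 4, a }, { RR_A, 3, a }, { RR_AAAA, 16, v6 } };
  memset(demo_slots, 0xAA, sizeof demo_slots);   /* simulate stale buffer contents */
  return collect_addrs(rrs, 3, demo_slots, 4, strict);
}
int main(void) { return demo(0) == 2 ? 0 : 1; }
```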