This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug network/19865] New: Memory leak in _nss_dns_getcanonname_r


https://sourceware.org/bugzilla/show_bug.cgi?id=19865

            Bug ID: 19865
           Summary: Memory leak in _nss_dns_getcanonname_r
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

If the A lookup fails, but returns a response larger than 20 bytes (so that
malloc happens in __libc_res_nquery), __libc_res_nquery is called again, with
the old, minimal buffer size, and allocates a new fresh buffer, overwriting the
pointer to the first allocated buffer, so that the allocated memory is now
lost.

This does not appear to be a recent regression.

_nss_dns_getcanonname_r seems to be dead code because nss_dns always provides a
canonical name directly, so this needs a rather unusual setup before this turns
into a security issue (denial of service due to memory exhaustion), which is
why I'm flagging this security-.
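As an added illustration (not code from the bug report or from glibc), a small C model of the buffer-ownership pattern the report describes: a retry loop that re-queries with the old buffer size and so loses the first heap buffer, beside the same loop releasing the heap reply before the next query. `model_query`, `canonname_lookup` and `live_heap_buffers` are hypothetical stand-ins for the `__libc_res_nquery` answer/anslen/answerp contract, and every lookup is made to fail to match the scenario above.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the resolver contract: the caller passes a buffer
   (answer/anslen) and a pointer (answerp) through which a larger heap buffer
   is handed back when the reply does not fit.  Every lookup here "fails"
   (returns -1) after producing a reply_len-byte reply, as in the report.
   Hypothetical model, not glibc code. */
static int live_heap_buffers;            /* heap replies not yet freed */

static int model_query(unsigned char *answer, int anslen,
                       unsigned char **answerp, int reply_len)
{
    unsigned char *buf = answer;
    if (reply_len > anslen) {            /* too small: allocate a fresh buffer */
        buf = malloc(reply_len);
        if (buf == NULL) return -1;
        live_heap_buffers++;
    }
    memset(buf, 0xAA, reply_len);        /* pretend to fill in the reply */
    *answerp = buf;
    return -1;                           /* lookup failed */
}

/* Retry loop over several query types, in the shape the report describes.
   With free_before_retry == 0 the next query is issued with the old anslen,
   so model_query allocates again and the pointer to the first heap buffer is
   overwritten; with free_before_retry == 1 the heap reply is released before
   the next query.  Returns the number of heap buffers that leaked. */
int canonname_lookup(int nqueries, int reply_len, int free_before_retry)
{
    unsigned char small[20];
    unsigned char *ansp = small;
    int anslen = sizeof small;
    live_heap_buffers = 0;
    for (int i = 0; i < nqueries; i++) {
        if (free_before_retry && ansp != small) {
            free(ansp);
            live_heap_buffers--;
            ansp = small;
        }
        if (model_query(ansp, anslen, &ansp, reply_len) > 0)
            break;                       /* a successful reply ends the loop */
    }
    if (ansp != small) { free(ansp); live_heap_buffers--; }
    return live_heap_buffers;
}
```

Running the leaky variant under a leak checker such as valgrind reports the lost block, which is the practical way to confirm this class of bug in the real code.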

