This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug nss/20874] getaddrinfo_a segfault

From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Tue, 29 Nov 2016 08:02:27 +0000
Subject: [Bug nss/20874] getaddrinfo_a segfault
Auto-submitted: auto-generated
References: <bug-20874-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=20874

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |fweimer at redhat dot com
         Resolution|---                         |INVALID
              Flags|                            |security-

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Matt Corallo from comment #0)

> void beatit() {
> 	struct gaicb gai;
> 	struct gaicb *gaip = &gai;
>  
> 	while (1) {
> 		memset(&gai, 0, sizeof(gai));
>  
> 		fprintf(stderr, "OK, cleared gai, now calling gai_a\n");
> 		std::string hostname(host);
> 		gai.ar_name = hostname.c_str();
>  
> 		assert(!getaddrinfo_a(GAI_NOWAIT, &gaip, 1, NULL));

getaddrinfo_a does not make copy of the submitted requests, so this code has
multiple use-after-free issues (the gai local variable, and the backing string
for hostname).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug nss/20874] New: getaddrinfo_a segfault
  - From: swbza at bluematt dot me

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]