This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nis/20987] NIS+ unbounded stack allocations
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 26 Jan 2017 09:11:17 +0000
- Subject: [Bug nis/20987] NIS+ unbounded stack allocations
- Auto-submitted: auto-generated
- References: <bug-20987-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=20987
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|security- |security+
--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to joseph@codesourcery.com from comment #3)
> Are you confident that these stack allocations can only be triggered by
> (trusted) data from the network, not by e.g. a lookup of a crafted long
> user name (something it's plausible could be triggered across a trust
> boundary)?
Indeed, you are right, the majority of the cases comes from
application-supplied data, not network-supplied data, so it seems this would
indeed be a security fix.
--
You are receiving this mail because:
You are on the CC list for the bug.