This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/20112] sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 27 Feb 2017 18:41:43 +0000
- Subject: [Bug network/20112] sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429)
- Auto-submitted: auto-generated
- References: <bug-20112-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=20112
--- Comment #11 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via d42eed4a044e5e10dfb885cf9891c2518a72a491 (commit)
from 963394a22b38c4ec92b6875a6c06d3b15d5c0d21 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
commit d42eed4a044e5e10dfb885cf9891c2518a72a491
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Feb 27 19:05:13 2017 +0100

sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]

After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
(CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
[BZ #20112]), ancillary data is stored on the heap,
but it is accessed after it has been freed.

The test case must be run under a heap debugger such as valgrind
to observe the invalid access. A malloc implementation which
immediately calls munmap on free would catch this bug as well.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 8 ++++++
sunrpc/Makefile | 3 +-
sunrpc/clnt_udp.c | 2 +-
sunrpc/tst-udp-error.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 73 insertions(+), 2 deletions(-)
create mode 100644 sunrpc/tst-udp-error.c