This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch ibm/2.16/master updated. glibc-2.16.0-63-g002be9b


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, ibm/2.16/master has been updated
       via  002be9b8d178ace55a47dd9e2c166f217e380380 (commit)
      from  e9c2f97bf02666b01aa4af63c4e41355396acc3c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=002be9b8d178ace55a47dd9e2c166f217e380380

commit 002be9b8d178ace55a47dd9e2c166f217e380380
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Mar 21 15:50:27 2013 +0100

    Fix stack overflow in getaddrinfo with many results
    
    Conflicts:
    	NEWS

diff --git a/ChangeLog b/ChangeLog
index 246f0a5..b6ef28d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-04-03  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #15330]
+	* sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and
+	order arrays from heap if bigger than alloca cutoff.
+
 2014-06-03  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #15946]
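Review bot: The new 2013-04-03 entry is added at the top of ChangeLog, above the existing 2014-06-03 entry, so the file is no longer in reverse date order. If the original date is kept on purpose for this backport, say so in the commit message, which currently records only the NEWS conflict; otherwise use the date the change landed on this branch.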
diff --git a/NEWS b/NEWS
index 6a49b4b..2b31faa 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,11 @@ Version 2.16.1
 * The following bugs are resolved with this release:
 
   6530, 14195, 14547, 14459, 14476, 14562, 14621, 14648, 14699, 14719,
-  14756, 14831, 15014, 15078, 15754, 15755, 15946, 16072, 16431, 16617,
-  16618, 17048, 17137, 17187, 17325, 17625, 17630.
+  14756, 14831, 15014, 15078, 15330, 15754, 15755, 15946, 16072, 16431,
+  16617, 16618, 17048, 17137, 17187, 17325, 17625, 17630.
+
+* CVE-2013-1914 Stack overflow in getaddrinfo with many results has been
+  fixed (Bugzilla #15330).
 
 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
   under certain input conditions resulting in the execution of a shell for
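Review bot: The context line directly below the new CVE-2013-1914 entry reads "CVE-2104-7817", and the year 2104 looks like a typo. This hunk already edits the CVE list, so it would be a convenient place to correct it, or it can go in a follow-up. The new entry itself cites Bugzilla #15330, which matches the number added to the resolved-bugs list above.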
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index dd85130..c88e1ec 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -2467,11 +2467,27 @@ getaddrinfo (const char *name, const char *service,
       __typeof (once) old_once = once;
       __libc_once (once, gaiconf_init);
       /* Sort results according to RFC 3484.  */
-      struct sort_result results[nresults];
-      size_t order[nresults];
+      struct sort_result *results;
+      size_t *order;
       struct addrinfo *q;
       struct addrinfo *last = NULL;
       char *canonname = NULL;
+      bool malloc_results;
+
+      malloc_results
+	= !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+      if (malloc_results)
+	{
+	  results = malloc (nresults * (sizeof (*results) + sizeof (size_t)));
+	  if (results == NULL)
+	    {
+	      __free_in6ai (in6ai);
+	      return EAI_MEMORY;
+	    }
+	}
+      else
+	results = alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+      order = (size_t *) (results + nresults);
 
       /* Now we definitely need the interface information.  */
       if (! check_pf_called)
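Review bot: The size expression "nresults * (sizeof (*results) + sizeof (size_t))" is written out three times (in the __libc_use_alloca test, the malloc call and the alloca call), and nothing in this hunk guards the multiplication against wrapping. Computing it once into a size_t local would keep the three uses in step and give a single place for an overflow check that returns EAI_MEMORY. A short comment on "order = (size_t *) (results + nresults);" stating that both arrays share one allocation would also help, since the later free names only results.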
@@ -2642,6 +2658,9 @@ getaddrinfo (const char *name, const char *service,
 
       /* Fill in the canonical name into the new first entry.  */
       p->ai_canonname = canonname;
+
+      if (malloc_results)
+	free (results);
     }
 
   __free_in6ai (in6ai);
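Review bot: The "free (results);" added at the end of the sort block is the only release visible in this patch, while the allocation is near line 2467 and this free is near line 2658. Any return or goto that leaves the block between those two points would leak the buffer when malloc_results is true, so please confirm there is none, or free on those paths in the same way the EAI_MEMORY path releases in6ai.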

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                   |    6 ++++++
 NEWS                        |    7 +++++--
 sysdeps/posix/getaddrinfo.c |   23 +++++++++++++++++++++--
 3 files changed, 32 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

