This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests
- From: Siddhesh Poyarekar <siddhesh at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Wed, 23 Oct 2013 09:53:06 +0530
- Subject: Re: [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests
- Authentication-results: sourceware.org; auth=none
- References: <20131022071550 dot GG11038 at spoyarek dot pnq dot redhat dot com> <20131022125104 dot GI11038 at spoyarek dot pnq dot redhat dot com>
On Tue, Oct 22, 2013 at 06:21:04PM +0530, Siddhesh Poyarekar wrote:
> On Tue, Oct 22, 2013 at 12:45:51PM +0530, Siddhesh Poyarekar wrote:
> > Hi,
> >
> > This patch fixes another stack overflow in getaddrinfo when it is
> > called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914,
> > but the AF_INET case went undetected back then.
> >
> > Tested on x86_64 - same reproducer as 16071, with AF_INET6 instead of
> > AF_INET. OK to commit? Also, should I add another NEWS item for this
> > with this CVE number or should I post a request for another CVE?
> >
> > Siddhesh
> >
> > [BZ #16072]
> > * sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on
> > heap for large requests.
> >
>
> A (very) slightly improved patch - fixed alloca accounting in
> gethosts.
>
This has now been blessed with a new CVE number: CVE-2013-4458.
Siddhesh