This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
- From: Andreas Schwab <schwab at suse dot de>
- To: fweimer at redhat dot com (Florian Weimer)
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 19 May 2016 13:53:28 +0200
- Subject: Re: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
- Authentication-results: sourceware.org; auth=none
- References: <20160519110545 dot ED146400FD12E at oldenburg dot str dot redhat dot com>
firstname.lastname@example.org (Florian Weimer) writes:
> The call is technically in a loop, and under certain circumstances
> (which are quite difficult to reproduce in a test case), alloca
> can be invoked repeatedly during a single call to clntudp_call.
> As a result, the available stack space can be exhausted (even
> though individual alloca sizes are bounded implicitly by what
> can fit into a UDP packet, as a side effect of the earlier
> successful send operation).
If you use a VLA you can avoid that.
Andreas Schwab, SUSE Labs, email@example.com
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."