Bug 14806 - stack overflow in getaddrinfo() when host has many addresses
Summary: stack overflow in getaddrinfo() when host has many addresses
Status: RESOLVED DUPLICATE of bug 16002
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2012-11-05 13:47 UTC by Michal Kubeček
Modified: 2014-06-14 11:14 UTC (History)

See Also:
Last reconfirmed:
fweimer: security-

proposed fix (2.21 KB, patch)
2012-11-05 13:47 UTC, Michal Kubeček

Description Michal Kubeček 2012-11-05 13:47:53 UTC
Created attachment 6720 [details]
proposed fix

Function make_request() in sysdeps/unix/sysv/linux/check_pf.c uses alloca() to allocate memory for the temporary linked list of local addresses. If the host has many addresses (originally observed with more than 7000 addresses and a 256 KB stack size limit), this can cause a stack overflow.

Attached is a fix proposal which is a bit more complicated than necessary but I wanted to avoid

  (1) calling malloc() in the most common case when there are just a few
  (2) allocating many small blocks if there are many addresses
  (3) allocating too much memory on stack

Thus the patch allocates a small block for 16 addresses on the stack; if this is not enough (usually it is), a linked list of blocks for 64 addresses each is allocated as needed (the suitable values of 16 and 64 are open to discussion).
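As an added illustration of the allocation scheme the description proposes (this is example code written for this page, not the attached patch and not glibc's check_pf.c): a fixed 16-entry block lives in the caller's frame, and further 64-entry blocks are malloc()'d only when that block is full, so the stack cost no longer depends on how many addresses the kernel reports. The 16 and 64 sizes are taken from the description; struct addr_entry, the family values 2/10 and the simulated address data are constructed stand-ins for the records check_pf.c collects.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Sizes from the bug description: 16 entries live in the caller's frame,
   every further block holds 64 entries and comes from malloc(). */
#define STACK_ENTRIES 16
#define HEAP_ENTRIES  64

/* Constructed stand-in for the per-address record check_pf.c collects. */
struct addr_entry {
  int     family;              /* 2 (AF_INET) or 10 (AF_INET6), Linux values */
  uint8_t addr[16];
};

struct addr_block {
  struct addr_block *next;
  size_t count, capacity;      /* entries in use / entries that fit */
  struct addr_entry *entries;
};

/* The list head, 16 inline entries included, is a fixed-size object:
   its stack cost does not grow with the number of addresses. */
struct addr_list {
  struct addr_block first, *tail;
  struct addr_entry stack_entries[STACK_ENTRIES];
};

static void addr_list_init(struct addr_list *l)
{
  l->first = (struct addr_block){ NULL, 0, STACK_ENTRIES, l->stack_entries };
  l->tail = &l->first;
}

/* Append one entry; a 64-entry heap block is added only when the tail is full.
   Returns false if malloc() fails, leaving the list consistent for freeing. */
static bool addr_list_push(struct addr_list *l, const struct addr_entry *e)
{
  if (l->tail->count == l->tail->capacity) {
    struct addr_block *nb = malloc(sizeof *nb + HEAP_ENTRIES * sizeof *e);
    if (nb == NULL)
      return false;
    *nb = (struct addr_block){ NULL, 0, HEAP_ENTRIES, (struct addr_entry *)(nb + 1) };
    l->tail->next = nb;
    l->tail = nb;
  }
  l->tail->entries[l->tail->count++] = *e;
  return true;
}

/* Free only the malloc()'d blocks; the first one belongs to the caller. */
static void addr_list_free(struct addr_list *l)
{
  for (struct addr_block *b = l->first.next, *next; b != NULL; b = next) {
    next = b->next;
    free(b);
  }
  l->first.next = NULL;
  l->tail = &l->first;
}

/* total/ipv4/ipv6: entries seen; heap_blocks: malloc() calls the run needed;
   stack_bytes: the fixed stack footprint of the list head. */
struct pf_summary { size_t total, ipv4, ipv6, heap_blocks, stack_bytes; };

/* Simulate a host with n local addresses (constructed data, alternating IPv4
   and IPv6), gather them as make_request() would, and report the cost.
   Returns false only if an allocation failed. */
static bool collect_local_addrs(size_t n, struct pf_summary *out)
{
  struct addr_list list;       /* sizeof list bytes of stack, whatever n is */
  addr_list_init(&list);
  memset(out, 0, sizeof *out);
  for (size_t i = 0; i < n; i++) {
    struct addr_entry e = { .family = (i % 2 == 0) ? 2 : 10 };
    e.addr[0] = (uint8_t)(i & 0xff);
    if (!addr_list_push(&list, &e)) {
      addr_list_free(&list);
      return false;
    }
  }
  for (const struct addr_block *b = &list.first; b != NULL; b = b->next) {
    if (b != &list.first)
      out->heap_blocks++;
    for (size_t i = 0; i < b->count; i++)
      if (b->entries[i].family == 2) out->ipv4++; else out->ipv6++;
    out->total += b->count;
  }
  out->stack_bytes = sizeof list;
  addr_list_free(&list);
  return true;
}

/* Scalar wrappers so a run's outcome can be checked directly. */
static size_t sim_total(size_t n)
{ struct pf_summary s; return collect_local_addrs(n, &s) ? s.total : (size_t)-1; }
static size_t sim_heap_blocks(size_t n)
{ struct pf_summary s; return collect_local_addrs(n, &s) ? s.heap_blocks : (size_t)-1; }
```

For the 7000-address case from the report this makes 110 malloc() calls (16 entries inline, then 6984 entries in 64-entry blocks) while the stack holds only sizeof(struct addr_list), a few hundred bytes on a 64-bit build; with at most 16 addresses it makes none. An allocation failure is reported to the caller rather than silently dropping addresses, and the list is freed in the same function that created it, which an alloca()'d list also gave you but a malloc()'d one has to do explicitly.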
Comment 1 Siddhesh Poyarekar 2013-04-15 12:36:05 UTC
Could you please post the patch on libc-alpha AT sourceware DOT org?  It can then be reviewed and pushed into git.  Please go through the following wiki document for guidelines for posting the patch:

Comment 2 Andreas Jaeger 2013-05-09 19:13:14 UTC
Michal, the patch needs comments and adoption of GNU coding style, especially spaces before parens.

Could you improve your patch, please?
Comment 3 Ondrej Bilka 2013-10-08 19:17:30 UTC
Alternative patch was proposed at BZ #16002

*** This bug has been marked as a duplicate of bug 16002 ***