This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Fix stack overflow in getaddrinfo with many results


On 04/03/2013 08:57 AM, Andreas Schwab wrote:
> Since struct sort_results is rather big this can overflow the stack
> pretty fast.
> 
> Andreas.
> 
> 	[BZ #15330]
> 	* sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and
> 	order arrays from heap if bigger than alloca cutoff.

I don't see a CVE # for this yet, but the request is here:
http://www.openwall.com/lists/oss-security/2013/04/03/2

Could you please add the CVE# to the NEWS file when it gets one?
I think we want to clearly show in the NEWS that we fixed CVEs.

Could you also add CVE-2013-0242 to NEWS (already fixed by you
on Jan 29th)?

Cheers,
Carlos.
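
The fix named in the quoted ChangeLog entry (heap allocation once the arrays exceed the alloca cutoff) follows a general pattern, sketched here as an added example that is not glibc's code or part of this message. `ALLOCA_CUTOFF`, `struct result` and `sort_keys` are hypothetical names, and the 4096-byte cutoff and 128-byte record are assumed values.

```c
#include <alloca.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed cutoff for this sketch; glibc's own limit is not given in the message. */
#define ALLOCA_CUTOFF 4096

/* Hypothetical stand-in for a "rather big" per-result record (128 bytes here). */
struct result { int key; char pad[124]; };

static int cmp_result(const void *a, const void *b)
{
    const struct result *x = a, *y = b;
    return (x->key > y->key) - (x->key < y->key);
}

/* Sort keys[0..n) through a scratch array of n records; *used_heap reports
   where it was placed. Returns 0, or -1 on size overflow or malloc failure. */
int sort_keys(int *keys, size_t n, bool *used_heap)
{
    *used_heap = false;
    if (n == 0) return 0;
    if (n > SIZE_MAX / sizeof(struct result)) return -1;
    size_t bytes = n * sizeof(struct result);
    struct result *r;
    /* A stack allocation sized by n with no bound is what overflows the stack. */
    if (bytes > ALLOCA_CUTOFF) {
        r = malloc(bytes);
        if (r == NULL) return -1;
        *used_heap = true;
    } else {
        r = alloca(bytes);
    }
    for (size_t i = 0; i < n; i++)
        r[i].key = keys[i];
    qsort(r, n, sizeof *r, cmp_result);
    for (size_t i = 0; i < n; i++)
        keys[i] = r[i].key;
    if (*used_heap) free(r);
    return 0;
}

int main(void)
{
    int k[3] = { 2, 0, 1 };
    bool heap;
    return sort_keys(k, 3, &heap);
}
```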

