This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]

From: Florian Weimer <fweimer at redhat dot com>
To: Joseph Myers <joseph at codesourcery dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 29 Apr 2016 10:48:56 +0200
Subject: Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
Authentication-results: sourceware.org; auth=none
References: <56FA607D dot 4070803 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1603292140320 dot 15654 at digraph dot polyomino dot org dot uk>

On 03/29/2016 11:41 PM, Joseph Myers wrote:

On Tue, 29 Mar 2016, Florian Weimer wrote:

This is a minor security issue in nss_dns, triggered by a very long name
passed to getnetbyname.


As a security issue it should have an entry in the "Security related
changes" section of NEWS for 2.24.

I expected to wait with this until closer to the 2.24, but I guess thereis no harm in adding these entries now.


I pushed the following NEWS entry:

* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed.  It
  could result in a stack overflow when getnetbyname was called with an
  overly long name.  (CVE-2016-3075)

Thanks,
Florian

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]