This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 29 Apr 2016 10:48:56 +0200
- Subject: Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
- Authentication-results: sourceware.org; auth=none
- References: <56FA607D dot 4070803 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1603292140320 dot 15654 at digraph dot polyomino dot org dot uk>
On 03/29/2016 11:41 PM, Joseph Myers wrote:
On Tue, 29 Mar 2016, Florian Weimer wrote:
This is a minor security issue in nss_dns, triggered by a very long name
passed to getnetbyname.
As a security issue it should have an entry in the "Security related
changes" section of NEWS for 2.24.
I expected to wait with this until closer to the 2.24, but I guess there
is no harm in adding these entries now.
I pushed the following NEWS entry:
* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It
could result in a stack overflow when getnetbyname was called with an
overly long name. (CVE-2016-3075)