[PATCH][BZ 21295] getaddrinfo: do not overwrite IPv6 IPs with IPv4 when using AF_UNSPEC
Florian Weimer
fweimer@redhat.com
Thu Apr 20 12:58:00 GMT 2017
On 04/20/2017 02:41 PM, Florian Weimer wrote:
> On 03/23/2017 02:21 PM, kmeaw@kmeaw.com wrote:
>> CVE-2016-3706 patch introduces a regression which disrupts connectivity
>> from IPv6-only to dual-stack hosts. This is caused by
>> convert_hostent_to_gaih_addrtuple, which frees the result as opposed to
>> appending to it (prior to the CVE patch in gaih_inet).
>>
>> This change replaces the free(*result) call with a loop which looks for the
>> pointer to the end of the linked list (&(*result)->next), so successive
>> calls append the result to the list instead of overwriting it.
>>
>> Bugzilla entry #21295 describes a way to reproduce the issue.
>
> I'm trying to write a test for this, but I haven't been successful so
> far. What's the exact container setup that shows this? What are its
> network interfaces and sysctl settings for IPv6?
>
> I don't think the bug can happen with nss_dns and the upstream sources.
> We either use AF_UNSPEC and the name4 lookup function, or we have just an
> AF_INET or AF_INET6 lookup, so the current overriding behavior does not
> matter. This means that in order to reproduce the bug, we'd need a
> custom NSS module which does not implement the name4 lookup function.
I think I found another corner case: AF_INET6 with AI_ALL and
AI_V4MAPPED as flags. This is independent of the host IPv4/IPv6 support
level.
> It's puzzling that you see a problem on Ubuntu.
This still mystifies me.
Thanks,
Florian
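To make the list-handling point from the quoted description concrete, here is an added C example (not glibc code and not part of the patch) using a cut-down stand-in for struct gaih_addrtuple: with apply_fix == 0 the converter frees the list before storing new results, so the earlier AF_INET6 tuple is lost once AF_INET results arrive; with apply_fix != 0 it walks to &(*result)->next and appends. The names addrtuple, convert_addresses and ipv6_survivors, the per-node allocation and the sample addresses are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
/* Stand-in for glibc's struct gaih_addrtuple, reduced to the fields the
   list-handling bug touches (an assumption, not glibc's real layout). */
struct addrtuple {
  struct addrtuple *next;
  int family;                 /* AF_INET or AF_INET6 */
  unsigned char addr[16];
};
static void free_list(struct addrtuple *t) {
  while (t) { struct addrtuple *n = t->next; free(t); t = n; }
}
/* Turn one lookup's addresses into tuples on *result. apply_fix == 0 mimics the
   pre-fix behaviour from the mail (existing list freed and overwritten);
   apply_fix != 0 walks to the tail via &(*result)->next and appends instead. */
static int convert_addresses(struct addrtuple **result, int family,
                             const unsigned char (*addrs)[16], size_t n,
                             int apply_fix) {
  struct addrtuple **pat = result;
  if (!apply_fix) {
    free_list(*result);       /* discards what the earlier lookup produced */
    *result = NULL;
  } else {
    while (*pat != NULL)      /* find the pointer to the end of the list */
      pat = &(*pat)->next;
  }
  for (size_t i = 0; i < n; i++) {
    struct addrtuple *t = calloc(1, sizeof *t);
    if (t == NULL) return -1;
    t->family = family;
    memcpy(t->addr, addrs[i], family == AF_INET6 ? 16 : 4);
    *pat = t;
    pat = &t->next;
  }
  return 0;
}
/* Constructed dual-stack sample: one IPv6 address, then two IPv4 addresses.
   Returns how many IPv6 tuples are still on the list after both lookups. */
static int ipv6_survivors(int apply_fix) {
  static const unsigned char v6[1][16] = {{0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1}};
  static const unsigned char v4[2][16] = {{192,0,2,1}, {192,0,2,2}};
  struct addrtuple *list = NULL; int c = 0;
  convert_addresses(&list, AF_INET6, v6, 1, apply_fix);
  convert_addresses(&list, AF_INET, v4, 2, apply_fix);
  for (struct addrtuple *t = list; t; t = t->next) c += (t->family == AF_INET6);
  free_list(list);
  return c;
}
```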