[PATCH][BZ 21295] getaddrinfo: do not overwrite IPv6 IPs with IPv4 when using AF_UNSPEC

Florian Weimer fweimer@redhat.com
Thu Apr 20 12:58:00 GMT 2017


On 04/20/2017 02:41 PM, Florian Weimer wrote:
> On 03/23/2017 02:21 PM, kmeaw@kmeaw.com wrote:
>> CVE-2016-3706 patch introduces a regression which disrupts connectivity
>> from IPv6-only to dual-stack hosts. This is caused by
>> convert_hostent_to_gaih_addrtuple which frees the result as opposed to
>> appending to it (prior to the CVE patch in gaih_inet).
>>
>> This change replaces free(*result) call with a loop which looks for the
>> pointer to the end of the linked list (&(*result)->next), so successive
>> calls append the result to the list instead of overwriting it.
>>
>> Bugzilla entry #21295 describes a way to reproduce the issue.
> 
> I'm trying to write a test for this, but I haven't been successful so 
> far.  What's the exact container setup that shows this?  What are its 
> network interfaces and sysctl settings for IPv6?
> 
> I don't think the bug can happen with nss_dns and the upstream sources. 
> We either use AF_UNSPEC and the name4 lookup function, or we have just a 
> AF_INET or AF_INET6 lookup, so the current overriding behavior does not 
> matter.  This means that in order to reproduce the bug, we'd need a 
> custom NSS module which does not implement the name4 lookup function.

I think I found another corner case: AF_INET6 with AI_ALL and 
AI_V4MAPPED as flags.  This is independent of the host IPv4/IPv6 support 
level.

> It's puzzling that you see a problem on Ubuntu.

This still mystifies me.

Thanks,
Florian
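The append-to-tail change kmeaw describes above, as an added C illustration that is not glibc's code: the struct and the address arrays are simplified stand-ins (assumptions), and the scenario constructs one IPv6 answer followed by one IPv4 answer to show that walking to the end of the list keeps both, where a free(*result) would have kept only the last.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <sys/socket.h> /* AF_INET, AF_INET6 */

/* Simplified stand-in for glibc's struct gaih_addrtuple (assumption). */
struct gaih_addrtuple { struct gaih_addrtuple *next; int family; uint32_t addr[4]; };

/* The fixed conversion step: instead of free(*result), walk to the pointer
   at the end of the list (&(*result)->next) and append there, so the AF_INET
   pass that follows the AF_INET6 pass keeps the earlier IPv6 results. */
static int append_addrs(struct gaih_addrtuple **result, int family,
                        const uint32_t (*addrs)[4], size_t n) {
  struct gaih_addrtuple **pat = result;
  while (*pat != NULL) pat = &(*pat)->next;   /* find end of linked list */
  for (size_t i = 0; i < n; i++) {
    struct gaih_addrtuple *t = calloc(1, sizeof *t);
    if (t == NULL) return -1;
    t->family = family;
    memcpy(t->addr, addrs[i], sizeof t->addr);
    *pat = t;
    pat = &t->next;
  }
  return 0;
}

static void free_list(struct gaih_addrtuple *l) {
  for (struct gaih_addrtuple *n; l != NULL; l = n) { n = l->next; free(l); }
}

/* Constructed dual-stack scenario: one AAAA answer, then one A answer.
   Returns the family of the idx-th node (0-based), or -1 if there is none. */
static int demo_family_at(size_t idx) {
  static const uint32_t v6[1][4] = {{0x20010db8u, 0, 0, 1}}; /* constructed */
  static const uint32_t v4[1][4] = {{0xc0000201u, 0, 0, 0}}; /* constructed */
  struct gaih_addrtuple *list = NULL, *p = NULL;
  int fam = -1;
  if (append_addrs(&list, AF_INET6, v6, 1) == 0 &&
      append_addrs(&list, AF_INET, v4, 1) == 0) {
    for (p = list; p != NULL && idx > 0; idx--)
      p = p->next;
    if (p != NULL)
      fam = p->family;
  }
  free_list(list);
  return fam;
}
```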