[Bug libc/12946] New: getaddrinfo segfaults when no DNS is available

[Bug libc/12946] New: getaddrinfo segfaults when no DNS is available

[guido at trentalancia dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

           Summary: getaddrinfo segfaults when no DNS is available
           Product: glibc
           Version: 2.14
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: guido@trentalancia.com


getaddrinfo causes segmentation fault when no Domain Name Server is available
(for example, /etc/resolv.conf is empty, it does not specify any "nameserver"
or the "nameserver" is unreachable).

Always reproducible (using various network clients such as ftp, ssh, ...). I do
not remember whether this problem appeared for the first time in version 2.14
or it was already there in previous versions...

Starting program: /home/guido/ftp ftp.gnu.org

Program received signal SIGSEGV, Segmentation fault.
__libc_res_nquery (statp=0x7ffff7748b20, name=0x7fffffffe851 "ftp.gnu.org",
class=1, type=62321, answer=<value optimized out>, anslen=2048,
    answerp=0x7fffffffcee0, answerp2=0x7fffffffcef0, nanswerp2=0x7fffffffcf4c,
resplen2=0x7fffffffcf30) at res_query.c:263
warning: Source file is more recent than executable.
263                 && (hp2->rcode != NOERROR || ntohs(hp2->ancount) == 0)) {
(gdb) where
#0  __libc_res_nquery (statp=0x7ffff7748b20, name=0x7fffffffe851 "ftp.gnu.org",
class=1, type=62321, answer=<value optimized out>, anslen=2048,
    answerp=0x7fffffffcee0, answerp2=0x7fffffffcef0, nanswerp2=0x7fffffffcf4c,
resplen2=0x7fffffffcf30) at res_query.c:263
#1  0x00007ffff0cf041e in __libc_res_nquerydomain (statp=0x7ffff7748b20,
name=<value optimized out>, domain=0x0, class=1, type=62321,
    answer=0x7fffffffc6a0 "Q\345t`\006", anslen=2048, answerp=0x7fffffffcee0,
answerp2=0x7fffffffcef0, nanswerp2=0x7fffffffcf4c,
    resplen2=0x7fffffffcf30) at res_query.c:576
#2  0x00007ffff0cf07ca in __libc_res_nsearch (statp=0x7ffff7748b20,
name=0x7fffffffe851 "ftp.gnu.org", class=1, type=62321,
    answer=0x7fffffffc6a0 "Q\345t`\006", anslen=2048, answerp=0x7fffffffcee0,
answerp2=0x7fffffffcef0, nanswerp2=0x7fffffffcf4c,
    resplen2=0x7fffffffcf30) at res_query.c:377
#3  0x00007ffff0f057f9 in _nss_dns_gethostbyname4_r (name=0x7fffffffe851
"ftp.gnu.org", pat=0x7fffffffd0f0, buffer=0x6236b0 "\177", buflen=1024,
    errnop=0x7fffffffd120, herrnop=0x7fffffffd130, ttlp=0x0) at
nss_dns/dns-host.c:314
#4  0x00007ffff7476089 in gaih_inet (name=0x7fffffffe851 "ftp.gnu.org",
service=<value optimized out>, req=0x7fffffffd440,
    pai=<value optimized out>, naddrs=0x7fffffffd320) at
../sysdeps/posix/getaddrinfo.c:848
#5  0x00007ffff74798c0 in getaddrinfo (name=0x7fffffffe851 "ftp.gnu.org",
service=<value optimized out>, hints=0x7fffffffd440, pai=0x7fffffffd438)
    at ../sysdeps/posix/getaddrinfo.c:2393
#6  0x0000000000408907 in hookup (host=0x7fffffffe851 "ftp.gnu.org", port=0x0)
at ftp.c:172
#7  0x0000000000403ac3 in setpeer (argc=2, argv=0x7fffffffe5f8) at cmds.c:214
#8  0x000000000040cb34 in main (argc=1, argv=0x7fffffffe600) at main.c:218
(gdb)

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12946] getaddrinfo segfaults when no DNS is available

[nick.jones@network-box.com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

nick.jones@network-box.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nick.jones@network-box.com

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12946] getaddrinfo segfaults when no DNS is available

[peroyvind at mandriva dot org]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

Per Øyvind Karlsen <peroyvind at mandriva dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |peroyvind at mandriva dot
                   |                            |org

--- Comment #1 from Per Øyvind Karlsen <peroyvind at mandriva dot org> 2011-07-17 22:05:03 UTC ---
appeared when upgrading to 2.14 for me as well, was not there with 2.13...

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12946] getaddrinfo segfaults when no DNS is available

[peroyvind at mandriva dot org]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

--- Comment #2 from Per Øyvind Karlsen <peroyvind at mandriva dot org> 2011-07-17 22:24:14 UTC ---
http://projects.archlinux.org/svntogit/packages.git/plain/glibc/trunk/glibc-2.14-fix-resolver-crash-typo.patch

This patch did the trick for me. :)

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12946] getaddrinfo segfaults when no DNS is available

[guido at trentalancia dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

--- Comment #3 from Guido Trentalancia <guido at trentalancia dot com> 2011-07-17 23:31:59 UTC ---
Yes, excellent, it also works here !

It should probably be applied as soon as possible so that this bug can be
closed.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug network/12946] getaddrinfo segfaults when no DNS is available

[jsm28 at gcc dot gnu.org]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |network

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug network/12946] getaddrinfo segfaults when no DNS is available

[siddhesh at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12946

Siddhesh Poyarekar <siddhesh at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |siddhesh at redhat dot com
         Resolution|                            |FIXED

--- Comment #4 from Siddhesh Poyarekar <siddhesh at redhat dot com> 2012-04-11 17:05:47 UTC ---
The patch was committed into master 57912a71

The link in comment 2 is broken, so here's a working link for reference:

http://www.openmamba.org/showfile.html?file=/pub/openmamba/devel/patches/glibc-2.14-fix-resolver-crash-typo.patch

Closing as fixed.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug network/12946] getaddrinfo segfaults when no DNS is available

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=12946

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security+

--- Comment #5 from Florian Weimer <fweimer at redhat dot com> ---
Only glibc 2.14 is affected by this.  It seems to be a minor denial-of-service
vulnerability.

-- 
You are receiving this mail because:
You are on the CC list for the bug.