public inbox for glibc-bugs@sourceware.org
From: "siddhesh at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
Date: Wed, 30 Oct 2013 10:50:00 -0000
Message-ID: <bug-16071-131-Jy60Oc4qFP@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-16071-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=16071

Siddhesh Poyarekar <siddhesh at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master:

commit 977f4b31b7ca4a4e498c397f3fd70510694bbd86
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Wed Oct 30 16:13:37 2013 +0530

    Fix reads for sizes larger than INT_MAX in AF_INET lookup

    Currently for AF_INET lookups from the hosts file, buffer sizes larger
    than INT_MAX silently overflow and may result in access beyond bounds
    of a buffer.  This happens when the number of results in an AF_INET
    lookup in /etc/hosts is very large.

    There are two aspects to the problem.  One problem is that the size
    computed from the buffer size is stored into an int, which results in
    overflow for large sizes.  Additionally, even if this size was
    expanded, the function used to read content into the buffer (fgets)
    accepts only int sizes.  As a result, the fix is to have a function
    wrap around fgets that calls it multiple times with int sizes if
    necessary.

 ChangeLog                 |  8 ++++++++
 NEWS                      |  2 +-
 nss/nss_files/files-XXX.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++--------
 3 files changed, 60 insertions(+), 9 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
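
The approach the commit message describes, a wrapper that calls fgets several times with int-sized requests, sketched as an added example; this is not the glibc patch. The names `read_line_chunked`, `chunk_max` and `make_sample` and the sample data are constructed here, and `chunk_max` stands in for INT_MAX so the multi-call path can be run on a small buffer.

```c
#include <stdio.h>
#include <string.h>

enum read_status { READ_OK, READ_EOF, READ_TOO_LONG };

/* Read one line into buf[0..len).  len is a size_t but fgets takes an int,
   so each request is capped at chunk_max (INT_MAX in real use; assumption). */
enum read_status read_line_chunked(char *buf, size_t len, FILE *fp, int chunk_max)
{
    size_t used = 0;
    if (chunk_max < 2)                  /* fgets could never make progress */
        return READ_TOO_LONG;
    while (len > used + 1) {            /* room for one byte plus the NUL */
        size_t room = len - used;
        /* Compare in size_t first; only a value that fits is narrowed. */
        int n = room > (size_t)chunk_max ? chunk_max : (int)room;
        if (fgets(buf + used, n, fp) == NULL)
            return used > 0 ? READ_OK : READ_EOF;
        used += strlen(buf + used);
        if (used > 0 && buf[used - 1] == '\n')
            return READ_OK;             /* complete line */
    }
    return READ_TOO_LONG;               /* buffer full before the newline */
}

/* Constructed sample input: one 100-byte line, then a short hosts entry. */
FILE *make_sample(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    for (int i = 0; i < 100; i++)
        fputc('a', fp);
    fputs("\n127.0.0.1 localhost\n", fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    char buf[256];
    FILE *fp = make_sample();
    if (fp == NULL)
        return 1;
    /* A 16-byte cap forces seven fgets calls for the first line. */
    enum read_status st = read_line_chunked(buf, sizeof buf, fp, 16);
    printf("status=%d length=%zu\n", st, strlen(buf));
    fclose(fp);
    return 0;
}
```

A caller that gets `READ_TOO_LONG` should retry with a larger buffer rather than parse the partial line left in `buf`.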