public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
@ 2013-10-22 5:27 siddhesh at redhat dot com
2013-10-22 6:46 ` [Bug network/16071] " siddhesh at redhat dot com
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: siddhesh at redhat dot com @ 2013-10-22 5:27 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Bug ID: 16071
Summary: Segmentation fault in getaddrinfo() when processing
entry mapping to long list of AF_INET address
structures
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: siddhesh at redhat dot com
Reporter: siddhesh at redhat dot com
Adding a large number of IPv4 entries for a host in /etc/hosts and then
querying it results in a segmentation fault.
How reproducible:
Always
Steps to Reproduce:
1. Create 50K '127.0.0.1 host-fubar' entries, and 50K '::1 host-fubar'
entries in '/etc/hosts'.
2. Call getaddrinfo for 'node' = "host-fubar", no 'flags' set, and AF_INET in
'hints->ai_family'.
Actual results:
SIGSEGV
Expected results:
No SIGSEGV
Patch coming up.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
@ 2013-10-22 6:46 ` siddhesh at redhat dot com
2013-10-30 10:50 ` siddhesh at redhat dot com
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: siddhesh at redhat dot com @ 2013-10-22 6:46 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Siddhesh Poyarekar <siddhesh at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |16072
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
2013-10-22 6:46 ` [Bug network/16071] " siddhesh at redhat dot com
@ 2013-10-30 10:50 ` siddhesh at redhat dot com
2014-06-13 12:36 ` fweimer at redhat dot com
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: siddhesh at redhat dot com @ 2013-10-30 10:50 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Siddhesh Poyarekar <siddhesh at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master:
commit 977f4b31b7ca4a4e498c397f3fd70510694bbd86
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Wed Oct 30 16:13:37 2013 +0530
Fix reads for sizes larger than INT_MAX in AF_INET lookup
Currently for AF_INET lookups from the hosts file, buffer sizes larger
than INT_MAX silently overflow and may result in access beyond bounds
of a buffer. This happens when the number of results in an AF_INET
lookup in /etc/hosts are very large.
There are two aspects to the problem. One problem is that the size
computed from the buffer size is stored into an int, which results in
overflow for large sizes. Additionally, even if this size was
expanded, the function used to read content into the buffer (fgets)
accepts only int sizes. As a result, the fix is to have a function
wrap around fgets that calls it multiple times with int sizes if
necessary.
ChangeLog | 8 ++++++++
NEWS | 2 +-
nss/nss_files/files-XXX.c | 59
+++++++++++++++++++++++++++++++++++++++++++++++++++--------
3 files changed, 60 insertions(+), 9 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
2013-10-22 6:46 ` [Bug network/16071] " siddhesh at redhat dot com
2013-10-30 10:50 ` siddhesh at redhat dot com
@ 2014-06-13 12:36 ` fweimer at redhat dot com
2014-06-23 8:18 ` schwab@linux-m68k.org
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 12:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security?
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Siddhesh, is this triggerable without editing /etc/hosts? In other words, does
this cross a security boundary?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
` (2 preceding siblings ...)
2014-06-13 12:36 ` fweimer at redhat dot com
@ 2014-06-23 8:18 ` schwab@linux-m68k.org
2014-06-23 9:48 ` siddhesh at redhat dot com
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: schwab@linux-m68k.org @ 2014-06-23 8:18 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |17079
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
` (3 preceding siblings ...)
2014-06-23 8:18 ` schwab@linux-m68k.org
@ 2014-06-23 9:48 ` siddhesh at redhat dot com
2014-06-23 9:49 ` fweimer at redhat dot com
2014-06-23 10:31 ` schwab@linux-m68k.org
6 siblings, 0 replies; 8+ messages in thread
From: siddhesh at redhat dot com @ 2014-06-23 9:48 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
--- Comment #3 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
This specific problem is only triggered by editing /etc/hosts. Given that the
root cause was related to reading in the file, I'd say this does not have an
impact outside of /etc/hosts, so it should not be a security issue.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
` (4 preceding siblings ...)
2014-06-23 9:48 ` siddhesh at redhat dot com
@ 2014-06-23 9:49 ` fweimer at redhat dot com
2014-06-23 10:31 ` schwab@linux-m68k.org
6 siblings, 0 replies; 8+ messages in thread
From: fweimer at redhat dot com @ 2014-06-23 9:49 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|security? |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug network/16071] Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
` (5 preceding siblings ...)
2014-06-23 9:49 ` fweimer at redhat dot com
@ 2014-06-23 10:31 ` schwab@linux-m68k.org
6 siblings, 0 replies; 8+ messages in thread
From: schwab@linux-m68k.org @ 2014-06-23 10:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16071
Bug 16071 depends on bug 17079, which changed state.
Bug 17079 Summary: nss_files mishandles small buffer
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2014-06-23 10:31 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-22 5:27 [Bug network/16071] New: Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET address structures siddhesh at redhat dot com
2013-10-22 6:46 ` [Bug network/16071] " siddhesh at redhat dot com
2013-10-30 10:50 ` siddhesh at redhat dot com
2014-06-13 12:36 ` fweimer at redhat dot com
2014-06-23 8:18 ` schwab@linux-m68k.org
2014-06-23 9:48 ` siddhesh at redhat dot com
2014-06-23 9:49 ` fweimer at redhat dot com
2014-06-23 10:31 ` schwab@linux-m68k.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).