From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glibc-bugs-return-26547-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Received: (qmail 15449 invoked by alias); 7 Nov 2014 09:13:24 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 15398 invoked by uid 48); 7 Nov 2014 09:13:20 -0000
From: "aoliva at sourceware dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug network/17562] New: race in getaddrinfo sorting cached in6ai
Date: Fri, 07 Nov 2014 09:13:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Version: 2.21
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: aoliva at sourceware dot org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-17562-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-11/txt/msg00039.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=17562

            Bug ID: 17562
           Summary: race in getaddrinfo sorting cached in6ai
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: aoliva at sourceware dot org

check_pf may return a shared in6ai, saved in a cache and returned to multiple
concurrent threads.  getaddrinfo sorts this array regardless of other uses;
there's even a risk that multiple getaddrinfo concurrent runs corrupt the array
by sorting it concurrently.

Since __check_pf is an internal function, and its only user is getaddrinfo, it
shouldn't be too hard to fix this.  One possibility is to pass the sort
function to __check_pf, have __check_pf do the sorting before caching the
result, and for extra care use the compare function as part of the test on
whether the cache is valid (not much point in adding support for re-sorting
into a new cached entry for now, since we always use the same function).

-- 
You are receiving this mail because:
You are on the CC list for the bug.