From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10790 invoked by alias); 18 Oct 2015 11:02:42 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 10745 invoked by uid 48); 18 Oct 2015 11:02:38 -0000 From: "fweimer at redhat dot com" To: glibc-bugs@sourceware.org Subject: [Bug network/19148] New: resolv: TCP query failure triggers retries along the search path Date: Sun, 18 Oct 2015 11:02:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: network X-Bugzilla-Version: 2.23 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-10/txt/msg00250.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=3D19148 Bug ID: 19148 Summary: resolv: TCP query failure triggers retries along the search path Product: glibc Version: 2.23 Status: NEW Severity: normal Priority: P2 Component: network Assignee: unassigned at sourceware dot org Reporter: fweimer at redhat dot com Target Milestone: --- If the stub resolver receives a TC=3D1 reply from a configured name server,= it will attempt to fetch the answer over TCP. If the TCP connection fails, the stub resolver proceeds along the search path, instead of failing the query = due to the network failure. This means that a brief name server outage can lea= d to vastly different name resolution results, which seems wrong (and very diffi= cult to debug). The current behavior could turn more problematic once new gTLDs= are in wide use because traditionally, operators avoid using TLD strings as lab= els (so a successful resolution on the fallback queries along the search path appears unlikely at the moment). This is the second problem observed in this thread: https://sourceware.org/ml/libc-help/2015-10/msg00012.html Fixing this bug will not address the reporter's issue because the configured name server does not support TCP reliably. This bug just fell out of the analysis of the original report. Reproduction instructions follow. Make sure that /etc/resolv.conf contains= a =E2=80=9Csearch directive=E2=80=9D. Disable TCP connections to the name se= rvers with: # iptables -I OUTPUT -p tcp --dport 53 -j REJECT --reject-with=3Dtcp-reset Then run: $ strace -e sendmmsg -s 500 getent ahosts like-keys.t.enyo.de Observe how search path entries are appended to the queried domain name. The following resource records are associated with like-keys.t.enyo.de: like-keys.t.enyo.de. 600 IN CNAME like-keys-1.t.enyo.de. like-keys-1.t.enyo.de. 600 IN A 192.0.2.1 like-keys-1.t.enyo.de. 600 IN A 192.0.2.2 like-keys-1.t.enyo.de. 600 IN A 192.0.2.3 like-keys-1.t.enyo.de. 600 IN A 192.0.2.4 like-keys-1.t.enyo.de. 600 IN A 192.0.2.5 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8:: like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::1 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::10 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::2 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::3 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::4 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::5 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::6 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::7 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::8 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::9 like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::a like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::b like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::c like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::d like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::e like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::f --=20 You are receiving this mail because: You are on the CC list for the bug. >>From glibc-bugs-return-30214-listarch-glibc-bugs=sources.redhat.com@sourceware.org Sun Oct 18 21:03:59 2015 Return-Path: Delivered-To: listarch-glibc-bugs@sources.redhat.com Received: (qmail 8188 invoked by alias); 18 Oct 2015 21:03:58 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Delivered-To: mailing list glibc-bugs@sourceware.org Received: (qmail 8148 invoked by uid 55); 18 Oct 2015 21:03:54 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs@sourceware.org Subject: [Bug libc/17079] nss_files heap-based buffer overflow with small buffer (CVE-2015-5277) Date: Sun, 18 Oct 2015 21:03:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: 2.19 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.20 X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-10/txt/msg00251.txt.bz2 Content-length: 1476 https://sourceware.org/bugzilla/show_bug.cgi?id=17079 --- Comment #7 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.19/master has been updated via 3fd498242948b1fa944c56646ec9b156387dd310 (commit) from b0f0937975ef3c0f4c514fe29137549c27be0cf0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3fd498242948b1fa944c56646ec9b156387dd310 commit 3fd498242948b1fa944c56646ec9b156387dd310 Author: Andreas Schwab Date: Mon Jun 23 10:24:45 2014 +0200 Don't ignore too long lines in nss_files (BZ #17079) (cherry picked from commit ac60763eac3d43b7234dd21286ad3ec3f17957fc) Conflicts: ChangeLog NEWS ----------------------------------------------------------------------- Summary of changes: ChangeLog | 6 ++++++ NEWS | 4 ++-- nss/nss_files/files-XXX.c | 4 +++- 3 files changed, 11 insertions(+), 3 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.