public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug network/28091] New: nss_name_skip may return 0 for domain names without terminator
@ 2021-07-15 7:40 fweimer at redhat dot com
2021-07-15 7:41 ` [Bug network/28091] " fweimer at redhat dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2021-07-15 7:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28091
Bug ID: 28091
Summary: nss_name_skip may return 0 for domain names without
terminator
Product: glibc
Version: 2.34
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
ns_name_skip returns 0 (indicating success) for a buffer that contains the two
bytes 1, 1 (no terminating null label or compression indicator). Callers
probably expect that the function reports failure because the message is
corrupted.
I do not think this is a security vulnerability because in typical packet
layouts, a two-byte item follows the domain name, so the caller has to perform
a separate length check for the remaining buffer anyway.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug network/28091] nss_name_skip may return 0 for domain names without terminator 2021-07-15 7:40 [Bug network/28091] New: nss_name_skip may return 0 for domain names without terminator fweimer at redhat dot com @ 2021-07-15 7:41 ` fweimer at redhat dot com 2021-07-19 8:30 ` cvs-commit at gcc dot gnu.org ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2021-07-15 7:41 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=28091 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Status|NEW |ASSIGNED Assignee|unassigned at sourceware dot org |fweimer at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug network/28091] nss_name_skip may return 0 for domain names without terminator 2021-07-15 7:40 [Bug network/28091] New: nss_name_skip may return 0 for domain names without terminator fweimer at redhat dot com 2021-07-15 7:41 ` [Bug network/28091] " fweimer at redhat dot com @ 2021-07-19 8:30 ` cvs-commit at gcc dot gnu.org 2021-07-19 8:41 ` fweimer at redhat dot com 2021-07-20 9:52 ` [Bug network/28091] ns_name_skip " fweimer at redhat dot com 3 siblings, 0 replies; 5+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2021-07-19 8:30 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=28091 --- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Florian Weimer <fw@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cff2c78c513ef8d51e69a6933f1c6aef8a24a6d6 commit cff2c78c513ef8d51e69a6933f1c6aef8a24a6d6 Author: Florian Weimer <fweimer@redhat.com> Date: Mon Jul 19 07:55:27 2021 +0200 resolv: Move ns_name_skip to its own file and into libc (bug 28091) And reformat to GNU style. Avoid out-of-bounds pointer arithmetic. This also results in a fix of bug 28091 due to the additional packet length checks. The symbol was moved using scripts/move-symbol-to-libc.py. Reviewed-by: Carlos O'Donell <carlos@systemhalted.org> -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug network/28091] nss_name_skip may return 0 for domain names without terminator 2021-07-15 7:40 [Bug network/28091] New: nss_name_skip may return 0 for domain names without terminator fweimer at redhat dot com 2021-07-15 7:41 ` [Bug network/28091] " fweimer at redhat dot com 2021-07-19 8:30 ` cvs-commit at gcc dot gnu.org @ 2021-07-19 8:41 ` fweimer at redhat dot com 2021-07-20 9:52 ` [Bug network/28091] ns_name_skip " fweimer at redhat dot com 3 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2021-07-19 8:41 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=28091 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.34 Resolution|--- |FIXED Flags| |security- Status|ASSIGNED |RESOLVED --- Comment #2 from Florian Weimer <fweimer at redhat dot com> --- Fixed in glibc 2.34. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug network/28091] ns_name_skip may return 0 for domain names without terminator 2021-07-15 7:40 [Bug network/28091] New: nss_name_skip may return 0 for domain names without terminator fweimer at redhat dot com ` (2 preceding siblings ...) 2021-07-19 8:41 ` fweimer at redhat dot com @ 2021-07-20 9:52 ` fweimer at redhat dot com 3 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2021-07-20 9:52 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=28091 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|nss_name_skip may return 0 |ns_name_skip may return 0 |for domain names without |for domain names without |terminator |terminator -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-07-20 9:52 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-07-15 7:40 [Bug network/28091] New: nss_name_skip may return 0 for domain names without terminator fweimer at redhat dot com 2021-07-15 7:41 ` [Bug network/28091] " fweimer at redhat dot com 2021-07-19 8:30 ` cvs-commit at gcc dot gnu.org 2021-07-19 8:41 ` fweimer at redhat dot com 2021-07-20 9:52 ` [Bug network/28091] ns_name_skip " fweimer at redhat dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).