From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12971 invoked by alias); 17 May 2018 12:43:40 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 12851 invoked by uid 89); 17 May 2018 12:43:40 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.4 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:2043 X-Spam-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,SPF_HELO_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 17 May 2018 12:43:38 +0000 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6D78632B622 for ; Thu, 17 May 2018 12:43:37 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.36.118.52]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3DCFE2010CD3 for ; Thu, 17 May 2018 12:43:37 +0000 (UTC) Received: by oldenburg.str.redhat.com (Postfix, from userid 1000) id 63E0840272FB8; Thu, 17 May 2018 14:43:36 +0200 (CEST) Date: Mon, 01 Jan 2018 00:00:00 -0000 To: libc-stable@sourceware.org Subject: [2.26 COMMITTED] resolv: Fully initialize struct mmsghdr in send_dg [BZ #23037] User-Agent: Heirloom mailx 12.5 7/5/10 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20180517124336.63E0840272FB8@oldenburg.str.redhat.com> From: fweimer@redhat.com (Florian Weimer) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Thu, 17 May 2018 12:43:37 +0000 (UTC) X-IsSubscribed: yes X-SW-Source: 2018-05/txt/msg00027.txt.bz2 (cherry picked from commit 583a27d525ae189bdfaa6784021b92a9a1dae12e) 2018-04-09 Florian Weimer [BZ #23037] * resolv/res_send.c (send_dg): Use designated initializers instead of assignment to zero-initialize other fields of struct mmsghdr. diff --git a/NEWS b/NEWS index 410f0d1631..8c432b3e6e 100644 --- a/NEWS +++ b/NEWS @@ -118,6 +118,7 @@ The following bugs are resolved with this release: [22685] powerpc: Fix syscalls during early process initialization [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE [22774] malloc: Integer overflow in malloc (CVE-2018-6551) + [23037] resolv: Fully initialize struct mmsghdr in send_dg Version 2.26 diff --git a/resolv/res_send.c b/resolv/res_send.c index b396aae03c..0ca02f9843 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1152,25 +1152,27 @@ send_dg(res_state statp, if (have_sendmmsg >= 0 && nwritten == 0 && buf2 != NULL && !single_request) { - struct iovec iov[2]; - struct mmsghdr reqs[2]; - reqs[0].msg_hdr.msg_name = NULL; - reqs[0].msg_hdr.msg_namelen = 0; - reqs[0].msg_hdr.msg_iov = &iov[0]; - reqs[0].msg_hdr.msg_iovlen = 1; - iov[0].iov_base = (void *) buf; - iov[0].iov_len = buflen; - reqs[0].msg_hdr.msg_control = NULL; - reqs[0].msg_hdr.msg_controllen = 0; - - reqs[1].msg_hdr.msg_name = NULL; - reqs[1].msg_hdr.msg_namelen = 0; - reqs[1].msg_hdr.msg_iov = &iov[1]; - reqs[1].msg_hdr.msg_iovlen = 1; - iov[1].iov_base = (void *) buf2; - iov[1].iov_len = buflen2; - reqs[1].msg_hdr.msg_control = NULL; - reqs[1].msg_hdr.msg_controllen = 0; + struct iovec iov = + { .iov_base = (void *) buf, .iov_len = buflen }; + struct iovec iov2 = + { .iov_base = (void *) buf2, .iov_len = buflen2 }; + struct mmsghdr reqs[2] = + { + { + .msg_hdr = + { + .msg_iov = &iov, + .msg_iovlen = 1, + }, + }, + { + .msg_hdr = + { + .msg_iov = &iov2, + .msg_iovlen = 1, + } + }, + }; int ndg = __sendmmsg (pfd[0].fd, reqs, 2, MSG_NOSIGNAL); if (__glibc_likely (ndg == 2))