]>
Commit | Line | Data |
---|---|---|
f2b22ab7 MT |
1 | # |
2 | # Backport from upstream: | |
3 | # | |
4 | # From 1cef1b19089528db11f221e938f60b9b048945d7 Mon Sep 17 00:00:00 2001 | |
5 | # From: Andreas Schwab <schwab@suse.de> | |
6 | # Date: Thu, 21 Mar 2013 15:50:27 +0100 | |
7 | # Subject: [PATCH] Fix stack overflow in getaddrinfo with many results | |
8 | # | |
9 | # --- | |
10 | # ChangeLog | 6 ++++++ | |
11 | # NEWS | 5 ++++- | |
12 | # sysdeps/posix/getaddrinfo.c | 23 +++++++++++++++++++++-- | |
13 | # 3 files changed, 31 insertions(+), 3 deletions(-) | |
14 | # | |
15 | # 2013-04-03 Andreas Schwab <schwab@suse.de> | |
16 | # | |
17 | # [BZ #15330] | |
18 | # * sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and | |
19 | # order arrays from heap if bigger than alloca cutoff. | |
20 | # | |
21 | diff -urN glibc-2.12-2-gc4ccff1.orig/sysdeps/posix/getaddrinfo.c glibc-2.12-2-gc4ccff1/sysdeps/posix/getaddrinfo.c | |
22 | --- glibc-2.12-2-gc4ccff1.orig/sysdeps/posix/getaddrinfo.c 2013-07-24 20:40:37.601887975 -0400 | |
23 | +++ glibc-2.12-2-gc4ccff1/sysdeps/posix/getaddrinfo.c 2013-07-24 20:54:32.722447705 -0400 | |
24 | @@ -2386,11 +2386,27 @@ | |
25 | __typeof (once) old_once = once; | |
26 | __libc_once (once, gaiconf_init); | |
27 | /* Sort results according to RFC 3484. */ | |
28 | - struct sort_result results[nresults]; | |
29 | - size_t order[nresults]; | |
30 | + struct sort_result *results; | |
31 | + size_t *order; | |
32 | struct addrinfo *q; | |
33 | struct addrinfo *last = NULL; | |
34 | char *canonname = NULL; | |
35 | + bool malloc_results; | |
36 | + | |
37 | + malloc_results | |
38 | + = !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (*order))); | |
39 | + if (malloc_results) | |
40 | + { | |
41 | + results = malloc (nresults * (sizeof (*results) + sizeof (*order))); | |
42 | + if (results == NULL) | |
43 | + { | |
44 | + free (in6ai); | |
45 | + return EAI_MEMORY; | |
46 | + } | |
47 | + } | |
48 | + else | |
49 | + results = alloca (nresults * (sizeof (*results) + sizeof (*order))); | |
50 | + order = (size_t *) (results + nresults); | |
51 | ||
52 | /* If we have information about deprecated and temporary addresses | |
53 | sort the array now. */ | |
54 | @@ -2557,6 +2573,9 @@ | |
55 | ||
56 | /* Fill in the canonical name into the new first entry. */ | |
57 | p->ai_canonname = canonname; | |
58 | + | |
59 | + if (malloc_results) | |
60 | + free (results); | |
61 | } | |
62 | ||
63 | free (in6ai); |