]> git.ipfire.org Git - thirdparty/glibc.git/commit
projects / thirdparty / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: edbab24) | patch
CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]
authorFlorian Weimer <fweimer@redhat.com>
Fri, 29 Apr 2016 08:35:34 +0000 (10:35 +0200)
committerGabriel F. T. Gomes <gftg@linux.vnet.ibm.com>
Tue, 24 May 2016 14:35:31 +0000 (11:35 -0300)
commit1029487ab3b2ef65ec9364cb15c44ee9c571224f
treebcdf22236e9d5a9a13688ff53cc0d0700f366e7ctree
parentedbab2450a084a275d418fba871a8c7b48001a71commit | diff
CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]

When converting a struct hostent response to struct gaih_addrtuple, the
gethosts macro (which is called from gaih_inet) used alloca, without
malloc fallback for large responses.  This commit changes this code to
use calloc unconditionally.

This commit also consolidated a second hostent-to-gaih_addrtuple
conversion loop (in gaih_inet) to use the new conversion function.

(cherry picked from commit 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9)
ChangeLog diff | blob | blame | history
NEWS diff | blob | blame | history
sysdeps/posix/getaddrinfo.c diff | blob | blame | history
A mirror of the official glibc repository