git.ipfire.org Git - thirdparty/glibc.git/commit

author	Florian Weimer <fweimer@redhat.com>
	Mon, 21 Jan 2019 20:26:03 +0000 (21:26 +0100)
committer	Florian Weimer <fweimer@redhat.com>
	Mon, 4 Feb 2019 20:36:37 +0000 (21:36 +0100)
commit	2373941bd73cb288c8a42a33e23e7f7bb81151e7
tree	bdfbcaa03a582c30b71e0b987030a609f7fb12be	tree
parent	37edf1d3f8ab9adefb61cc466ac52b53114fbd5b	commit \| diff

CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018]

The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).

This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).

To avoid sending the problematic query names over DNS, commit
6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.

(cherry picked from commit 108bc4049f8ae82710aec26a92ffdb4b439c83fd)

ChangeLog		diff \| blob \| blame \| history
NEWS		diff \| blob \| blame \| history
include/arpa/inet.h		diff \| blob \| blame \| history
nscd/gai.c		diff \| blob \| blame \| history
nscd/gethstbynm3_r.c		diff \| blob \| blame \| history
nss/digits_dots.c		diff \| blob \| blame \| history
resolv/Makefile		diff \| blob \| blame \| history
resolv/Versions		diff \| blob \| blame \| history
resolv/inet_addr.c		diff \| blob \| blame \| history
resolv/res_init.c		diff \| blob \| blame \| history
resolv/tst-aton.c		diff \| blob \| blame \| history
resolv/tst-inet_aton_exact.c	[new file with mode: 0644]	blob
resolv/tst-resolv-nondecimal.c	[new file with mode: 0644]	blob
resolv/tst-resolv-trailing.c	[new file with mode: 0644]	blob
sysdeps/posix/getaddrinfo.c		diff \| blob \| blame \| history