]> git.ipfire.org Git - thirdparty/glibc.git/commit
projects / thirdparty / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f441cb9) | patch
CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
authorFlorian Weimer <fweimer@redhat.com>
Wed, 13 Sep 2023 12:10:56 +0000 (14:10 +0200)
committerFlorian Weimer <fweimer@redhat.com>
Wed, 13 Sep 2023 12:37:57 +0000 (14:37 +0200)
commit4ea972b7edd7e36610e8cde18bf7a8149d7bac4f
tree201fcf59f1ca9923fb3597b97d60caaa7453c1b2tree
parentf441cb9a70fa3f55e9bbd615924879d692d21a6ccommit | diff
CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode

Without passing alt_dns_packet_buffer, __res_context_search can only
store 2048 bytes (what fits into dns_packet_buffer).  However,
the function returns the total packet size, and the subsequent
DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
of the stack-allocated buffer.

Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa
stub resolver option") and bug 30842.

(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d)
NEWS diff | blob | blame | history
resolv/Makefile diff | blob | blame | history
resolv/nss_dns/dns-host.c diff | blob | blame | history
resolv/tst-resolv-noaaaa-vc.c [new file with mode: 0644] blob
A mirror of the official glibc repository