From: Andreas Schwab Date: Thu, 20 Mar 2014 14:05:25 +0000 (+0100) Subject: Fix use of half-initialized result in getaddrinfo when using nscd (bug 16743) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e7df7fdefe82764488875f8a9c0cd993b56b2b1;p=thirdparty%2Fglibc.git Fix use of half-initialized result in getaddrinfo when using nscd (bug 16743) This fixes a bug in the way the results from __nscd_getai are collected: for every returned result a new entry is first added to the gaih_addrtuple list, but if that result doesn't match the request this entry remains uninitialized. So for this non-matching result an extra result with uninitialized content is returned. To reproduce (with nscd running): $ getent ahostsv4 localhost 127.0.0.1 STREAM localhost 127.0.0.1 DGRAM 127.0.0.1 RAW (null) STREAM (null) DGRAM (null) RAW (cherry picked from commit a071766ebfd853179ac39f9773f894029bf86d36) Conflicts: ChangeLog NEWS --- diff --git a/ChangeLog b/ChangeLog index 0eb6c3f0a1f..396430509c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2014-03-20 Andreas Schwab + + [BZ #16743] + * sysdeps/posix/getaddrinfo.c (gaih_inet): Properly skip over + non-matching result from nscd. + 2015-04-21 Arjun Shankar [BZ #18287] diff --git a/NEWS b/NEWS index 7f9388fec97..be59ead5b76 100644 --- a/NEWS +++ b/NEWS @@ -9,9 +9,9 @@ Version 2.19.1 * The following bugs are resolved with this release: - 15946, 16545, 16574, 16623, 16657, 16695, 16878, 16882, 16885, 16916, - 16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, 17555, - 18287. + 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885, + 16916, 16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, + 17555, 18287. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index 8218237af23..b3cc1246cb3 100644 
--- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -710,6 +710,14 @@ gaih_inet (const char *name, const struct gaih_service *service, struct gaih_addrtuple *addrfree = addrmem; for (int i = 0; i < air->naddrs; ++i) { + if (!((air->family[i] == AF_INET + && req->ai_family == AF_INET6 + && (req->ai_flags & AI_V4MAPPED) != 0) + || req->ai_family == AF_UNSPEC + || air->family[i] == req->ai_family)) + /* Skip over non-matching result. */ + continue; + socklen_t size = (air->family[i] == AF_INET ? INADDRSZ : IN6ADDRSZ); if (*pat == NULL)
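Review bot: In the gaih_inet hunk of sysdeps/posix/getaddrinfo.c, the new skip test at the top of the "for (int i = 0; i < air->naddrs; ++i)" loop is an unnamed, negated three-clause condition. The commit message implies that a matching test further down the loop already decides whether the entry gets filled in, so the same predicate now lives in two places. If the two copies ever diverge (for example when the AI_V4MAPPED handling changes), a gaih_addrtuple can again be linked into the list without being initialized, and the caller is handed uninitialized memory as an address result. Consider evaluating the match once, in a small static helper or a local bool taking air->family[i] and req, and using that single result both for the "continue" and for any later check, or removing the later check if it can no longer be false. The patch as shown touches only ChangeLog, NEWS and getaddrinfo.c, so the reproducer from the commit message (getent ahostsv4 localhost with nscd running) is not captured as a regression test; a test asserting that no "(null)" entries are returned for a family-restricted lookup through nscd would guard this path.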