author: Andreas Schwab <schwab@suse.de> 2014-03-20 15:05:25 +0100
committer: Aurelien Jarno <aurelien@aurel32.net> 2015-09-10 12:09:29 +0200
commit: 1e7df7fdefe82764488875f8a9c0cd993b56b2b1
tree: 79ed6cf239bcaa3c2219ebb581fbc0184bc9116f
parent: 126e13008672dddfc757f7260cb8d6ff7c77a4b5

Fix use of half-initialized result in getaddrinfo when using nscd (bug 16743)

This fixes a bug in the way the results from __nscd_getai are collected:
for every returned result a new entry is first added to the
gaih_addrtuple list, but if that result doesn't match the request this
entry remains uninitialized.  So for this non-matching result an extra
result with uninitialized content is returned.

To reproduce (with nscd running):

	$ getent ahostsv4 localhost
	127.0.0.1       STREAM localhost
	127.0.0.1       DGRAM
	127.0.0.1       RAW
	(null)          STREAM
	(null)          DGRAM
	(null)          RAW

(cherry picked from commit a071766ebfd853179ac39f9773f894029bf86d36)

Conflicts:
	ChangeLog
	NEWS
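
The ordering problem the commit message describes, as an added example that is not code from the commit or from glibc: a slot is taken from the result list before the family test, so a non-matching result leaves that slot unwritten. `struct tuple`, `struct cached`, `collect`, `unfilled` and the packed-address layout are simplified assumptions, the sample reply is constructed, and the V4-mapped address conversion is left out.

```c
#define _POSIX_C_SOURCE 200809L  /* for AI_V4MAPPED under strict -std modes */
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
/* Simplified stand-ins for this example (assumptions, not glibc's types). */
struct tuple { int family; unsigned char addr[16]; };
struct cached { int naddrs; const int *family; const unsigned char *addrs; };

/* The match test from the patch, in positive form. */
static int matches(int fam, int req_fam, int flags) {
  return (fam == AF_INET && req_fam == AF_INET6 && (flags & AI_V4MAPPED) != 0)
         || req_fam == AF_UNSPEC || fam == req_fam;
}

/* Copy cached results into out[]; return the number of slots handed out.
   filter_first == 0 takes a slot before testing, nonzero tests first. */
static int collect(const struct cached *c, int req_fam, int flags,
                   struct tuple *out, int filter_first) {
  const unsigned char *p = c->addrs;  /* cursor into the packed addresses */
  int used = 0;
  for (int i = 0; i < c->naddrs; ++i) {
    size_t size = c->family[i] == AF_INET ? 4 : 16;
    int ok = matches(c->family[i], req_fam, flags);
    if (ok || !filter_first) {
      struct tuple *t = &out[used++];
      if (ok) { t->family = c->family[i]; memcpy(t->addr, p, size); }
    }
    p += size;  /* step past this entry whether or not it matched */
  }
  return used;
}

/* Constructed reply (127.0.0.1, ::1): count handed-out slots never written. */
static int unfilled(int req_fam, int filter_first) {
  static const int fam[] = { AF_INET, AF_INET6 };
  static const unsigned char addrs[20] = { 127, 0, 0, 1, [19] = 1 };
  const struct cached c = { 2, fam, addrs };
  struct tuple out[2];
  memset(out, 0xff, sizeof out);  /* family == -1 marks "never written" */
  int bad = 0, used = collect(&c, req_fam, 0, out, filter_first);
  for (int i = 0; i < used; ++i) bad += out[i].family == -1;
  return bad;
}

int main(void) {
  printf("never written: %d vs %d\n", unfilled(AF_INET, 0), unfilled(AF_INET, 1));
  return 0;
}
```
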

-rw-r--r-- ChangeLog 6
-rw-r--r-- NEWS 6
-rw-r--r-- sysdeps/posix/getaddrinfo.c 8
3 files changed, 17 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 0eb6c3f0a1..396430509c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-20  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #16743]
+	* sysdeps/posix/getaddrinfo.c (gaih_inet): Properly skip over
+	non-matching result from nscd.
+
 2015-04-21  Arjun Shankar  <arjun.is@lostca.se>
 
 	[BZ #18287]
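
Review bot: The new entry is dated 2014-03-20 but sits above the 2015-04-21 entry, so the top of ChangeLog is no longer in date order. If keeping the original date on a cherry-pick is the branch's convention, leave it; otherwise date the entry with the backport or place it in date order.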
diff --git a/NEWS b/NEWS
index 7f9388fec9..be59ead5b7 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16657, 16695, 16878, 16882, 16885, 16916,
-  16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, 17555,
-  18287.
+  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
+  16916, 16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325,
+  17555, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 8218237af2..b3cc1246cb 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -710,6 +710,14 @@ gaih_inet (const char *name, const struct gaih_service *service,
 		  struct gaih_addrtuple *addrfree = addrmem;
 		  for (int i = 0; i < air->naddrs; ++i)
 		    {
+		      if (!((air->family[i] == AF_INET
+			     && req->ai_family == AF_INET6
+			     && (req->ai_flags & AI_V4MAPPED) != 0)
+			    || req->ai_family == AF_UNSPEC
+			    || air->family[i] == req->ai_family))
+			/* Skip over non-matching result.  */
+			continue;
+
 		      socklen_t size = (air->family[i] == AF_INET
 					? INADDRSZ : IN6ADDRSZ);
 		      if (*pat == NULL)
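
Review bot: The `continue` in the added block runs before `size` is computed, so a skipped iteration cannot advance any position the loop keeps in the address data. If the rest of the loop body (not visible in this hunk) steps through the addresses by `size` per entry, skipping here would leave that position on the skipped entry, and the next matching entry would be copied from the wrong offset. Suggest computing `size` first and stepping past the entry before `continue`, or confirming that no per-entry advance exists. Separately, the diffstat lists no test file; the `getent ahostsv4 localhost` reproducer from the commit message would serve as a regression check.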