CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010] - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Florian Weimer <fweimer@redhat.com>	2016-04-29 10:35:34 +0200
committer	Florian Weimer <fweimer@redhat.com>	2016-04-29 10:35:34 +0200
commit	4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (patch)
tree	b67c8017a8c64a89dcdf4649965246fc2920f03c /COPYING
parent	137fe72eca6923a00381a3ca9f0e7672c1f85e3f (diff)
download	glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar.gz glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar.xz glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.zip

CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]

When converting a struct hostent response to struct gaih_addrtuple, the
gethosts macro (which is called from gaih_inet) used alloca, without
malloc fallback for large responses.  This commit changes this code to
use calloc unconditionally.

This commit also consolidated a second hostent-to-gaih_addrtuple
conversion loop (in gaih_inet) to use the new conversion function.

Diffstat (limited to 'COPYING')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: