author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2013-10-25 10:22:12 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@redhat.com> | 2013-10-25 10:22:12 +0530 |
commit | 7cbcdb3699584db8913ca90f705d6337633ee10f (patch) | |
tree | a260a3b6afb62ce20602c0672b6ea040e4db2c8c /ChangeLog | |
parent | 894f3f1049135dcbeaab8f18690973663ef3147c (diff) | |
Fix stack overflow due to large AF_INET6 requests
Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 85cc5da1b2..05a8f05db0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2013-10-25 Siddhesh Poyarekar <siddhesh@redhat.com> + + [BZ #16072] + * sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on + heap for large requests. + 2013-10-25 Aurelien Jarno <aurelien@aurel32.net> [BZ #9954] |
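Review bot: The added entry under [BZ #16072] records only the bug number, while the commit message ties this fix to CVE-2013-4458; consider adding the CVE id to the entry so the ChangeLog can be searched for it. The line "Allocate tmpbuf on heap for large requests" also leaves the size threshold unstated, and because this view is limited to ChangeLog, the change to sysdeps/posix/getaddrinfo.c (gethosts) still needs a check that the heap-allocated tmpbuf is freed on every exit path.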