diff options
| author | Florian Weimer <fweimer@redhat.com> | 2016-04-29 10:35:34 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2016-04-29 10:35:34 +0200 |
| commit | 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (patch) | |
| tree | b67c8017a8c64a89dcdf4649965246fc2920f03c /NEWS | |
| parent | 137fe72eca6923a00381a3ca9f0e7672c1f85e3f (diff) | |
| download | glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar.gz glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar.xz glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.zip | |
CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]
When converting a struct hostent response to struct gaih_addrtuple, the gethosts macro (which is called from gaih_inet) used alloca, without malloc fallback for large responses. This commit changes this code to use calloc unconditionally. This commit also consolidated a second hostent-to-gaih_addrtuple conversion loop (in gaih_inet) to use the new conversion function.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS index 54ffb02c4d..aa6209e5a1 100644 --- a/NEWS +++ b/NEWS @@ -27,7 +27,10 @@ Version 2.24 Security related changes: - [Add security related changes here] +* Previously, getaddrinfo copied large amounts of address data to the stack, + even after the fix for CVE-2013-4458 has been applied, potentially + resulting in a stack overflow. getaddrinfo now uses a heap allocation + instead. Reported by Michael Petlan. (CVE-2016-3706) The following bugs are resolved with this release: |