From 108bc4049f8ae82710aec26a92ffdb4b439c83fd Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 21 Jan 2019 21:26:03 +0100 Subject: CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018] The IPv4 address parser in the getaddrinfo function is changed so that it does not ignore trailing whitespace and all characters after it. For backwards compatibility, the getaddrinfo function still recognizes legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8 (octal). This commit does not change the behavior of inet_addr and inet_aton. gethostbyname already had additional sanity checks (but is switched over to the new __inet_aton_exact function for completeness as well). To avoid sending the problematic query names over DNS, commit 6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]") is needed. --- nscd/gai.c | 1 - nscd/gethstbynm3_r.c | 2 -- 2 files changed, 3 deletions(-) (limited to 'nscd') diff --git a/nscd/gai.c b/nscd/gai.c index fd4e8e092f..801d304d47 100644 --- a/nscd/gai.c +++ b/nscd/gai.c @@ -19,7 +19,6 @@ /* This file uses the getaddrinfo code but it compiles it without NSCD support. We just need a few symbol renames. */ -#define __inet_aton inet_aton #define __ioctl ioctl #define __getsockname getsockname #define __socket socket diff --git a/nscd/gethstbynm3_r.c b/nscd/gethstbynm3_r.c index 9f70a86a58..ff594b6d27 100644 --- a/nscd/gethstbynm3_r.c +++ b/nscd/gethstbynm3_r.c @@ -38,8 +38,6 @@ #define HAVE_LOOKUP_BUFFER 1 #define HAVE_AF 1 -#define __inet_aton inet_aton - /* We are nscd, so we don't want to be talking to ourselves. */ #undef USE_NSCD -- cgit 1.4.1