Jump to content
Nytro

glibc getaddrinfo() stack overflow

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

glibc getaddrinfo() stack overflow

From: Marcus Meissner <meissner () suse de>

Date: Wed, 3 Apr 2013 13:10:21 +0200

Hi,

A customer reported a glibc crash, which turned out to be a stack overflow in

getaddrinfo().

getaddrinfo() uses:

struct sort_result results[nresults];

with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stacksizes,

or operating near out of stack.

Reproducer I tried:

$ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done

$ ulimit -s 1024

$ telnet a1

Segmentation fault

(clean out /etc/hosts again )

I am not sure you can usually push this amount of addresses via DNS for all

setups.

Andreas is currently pushing the patch to glibc GIT.

Reference:

https://bugzilla.novell.com/show_bug.cgi?id=813121

Ciao, Marcus

Sursa: oss-sec: CVE Request: glibc getaddrinfo() stack overflow

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...