This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/4726] New: Uninitialised bytes at getaddrinfo() with IPv6 nameserver
- From: "Kentaro dot Kodama at jp dot sony dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 3 Jul 2007 07:34:26 -0000
- Subject: [Bug libc/4726] New: Uninitialised bytes at getaddrinfo() with IPv6 nameserver
- Reply-to: sourceware-bugzilla at sourceware dot org
*SUMMARY
valgrind reported uninitialised bytes when I called getaddrinfo() with an IPv6
nameserver in /etc/resolv.conf.
----------------
==31889== Syscall param socketcall.connect(serv_addr..sin6_scope_id) contains uninitialised or unaddressable byte(s)
==31889== at 0x9CBDC1: __connect_internal (in /lib/tls/libc-2.3.3.so)
==31889== by 0xB840E2: __GI___libc_res_nquery (in /lib/libresolv-2.3.3.so)
==31889== by 0xB843A7: __libc_res_nquerydomain (in /lib/libresolv-2.3.3.so)
==31889== by 0xB84762: __GI___libc_res_nsearch (in /lib/libresolv-2.3.3.so)
==31889== Address 0x1B92D678 is 24 bytes inside a block of size 28 alloc'd
==31889== at 0x1B904A90: malloc (vg_replace_malloc.c:131)
==31889== by 0xB850E7: __libc_res_nsend (in /lib/libresolv-2.3.3.so)
==31889== by 0xB840E2: __GI___libc_res_nquery (in /lib/libresolv-2.3.3.so)
==31889== by 0xB843A7: __libc_res_nquerydomain (in /lib/libresolv-2.3.3.so)
----------------
It seems that this bug still exists in glibc-2.6, because the code that
produces this error has not changed.
*OCCURRENCE CONDITION
(1) There are IPv6 nameservers in resolv.conf
(2) getaddrinfo() is called with hints.ai_family set to AF_INET
*CONSIDERATION
+Why does it happen
res_send.c __libc_res_nsend()
-----------
if (EXT(statp).nsaddrs[n] == NULL)
        EXT(statp).nsaddrs[n] =
                malloc(sizeof (struct sockaddr_in6));
if (EXT(statp).nsaddrs[n] != NULL) {
        memcpy(EXT(statp).nsaddrs[n],
               &statp->nsaddr_list[ns],
               sizeof (struct sockaddr_in));
-----------
sizeof (struct sockaddr_in6) is 28.
sizeof (struct sockaddr_in) is 16.
Thus, the last 12 bytes are uninitialised.
I used gdb to "watch" *_res._u._ext.nsaddrs[0], and I found that
sin6_scope_id had not been changed by the time it reached connect(2).
I'd like to propose to add an initialization like this:
--- res_send.c.org 2007-06-27 12:40:14.000000000 +0900
+++ res_send.c 2007-07-03 14:02:19.035531080 +0900
@@ -420,6 +420,8 @@
EXT(statp).nsaddrs[n] =
malloc(sizeof (struct sockaddr_in6));
if (EXT(statp).nsaddrs[n] != NULL) {
+ memset(EXT(statp).nsaddrs[n], 0,
+ sizeof (struct sockaddr_in6));
memcpy(EXT(statp).nsaddrs[n],
&statp->nsaddr_list[ns],
sizeof (struct sockaddr_in));
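Review bot: Clearing the full sizeof (struct sockaddr_in6) before the memcpy is placed correctly: because the memset sits inside the `if (EXT(statp).nsaddrs[n] != NULL)` block it also runs when the entry already existed and was not freshly malloc'd, so a stale tail left over from an earlier 28-byte entry is cleared as well, not only uninitialised heap. A narrower alternative that avoids writing the first 16 bytes twice would zero only the bytes past the copied prefix, `memset((char *) EXT(statp).nsaddrs[n] + sizeof (struct sockaddr_in), 0, sizeof (struct sockaddr_in6) - sizeof (struct sockaddr_in));`, but the full clear is simpler and harder to get wrong. Note that this hunk does not touch convaddr4to6(), which the report handles separately below.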
+And...
I also found that we need to add an initialization in the following code:
res_send.c
----
static void
convaddr4to6(struct sockaddr_in6 *sa)
{
        struct sockaddr_in *sa4p = (struct sockaddr_in *) sa;
        in_port_t port = sa4p->sin_port;
        in_addr_t addr = sa4p->sin_addr.s_addr;

        sa->sin6_family = AF_INET6;
        sa->sin6_port = port;
        sa->sin6_addr.s6_addr32[0] = 0;
        sa->sin6_addr.s6_addr32[1] = 0;
        sa->sin6_addr.s6_addr32[2] = htonl(0xFFFF);
        sa->sin6_addr.s6_addr32[3] = addr;
+       sa->sin6_scope_id = 0;
}
----
Regards.
--
Summary: Uninitialised bytes at getaddrinfo() with IPv6 nameserver
Product: glibc
Version: 2.3.3
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: Kentaro dot Kodama at jp dot sony dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=4726
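The defect described in this report, reproduced as an added stand-alone example (not the reporter's code and not glibc's): a sockaddr_in6-sized heap block receives a sockaddr_in-sized copy, and the unpatched variant leaves the 12 tail bytes (including sin6_scope_id) undefined, while the patched variant applies the proposed memset() first. The 0xAA poison, the 192.0.2.1:53 nameserver entry and the helper names are constructed for the example.

```c
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Bytes of a sockaddr_in6 that a sockaddr_in-sized copy never touches:
   28 - 16 = 12 on the reporter's platform (rest of sin6_addr, sin6_scope_id). */
#define NS_TAIL (sizeof (struct sockaddr_in6) - sizeof (struct sockaddr_in))

/* Same shape as the __libc_res_nsend code in the report: a sockaddr_in6-sized
   heap block receives a sockaddr_in-sized copy.  With patched == 0 the tail
   keeps whatever the allocator left (the 0xAA poison is constructed so the
   leak is deterministic); with patched == 1 the proposed memset() runs first. */
static struct sockaddr_in6 *copy_nsaddr(const struct sockaddr_in *src, int patched)
{
    struct sockaddr_in6 *dst = malloc(sizeof *dst);
    if (dst == NULL)
        return NULL;
    memset(dst, 0xAA, sizeof *dst);      /* stand-in for stale heap contents */
    if (patched)
        memset(dst, 0, sizeof *dst);     /* the fix proposed in the report */
    memcpy(dst, src, sizeof *src);       /* only the first 16 bytes are defined */
    return dst;
}

/* Count non-zero bytes past the sockaddr_in prefix; these are exactly the bytes
   valgrind flagged in connect(serv_addr..sin6_scope_id). */
static size_t tail_garbage(const struct sockaddr_in6 *sa)
{
    const unsigned char *p = (const unsigned char *) sa + sizeof (struct sockaddr_in);
    size_t n = 0;
    for (size_t i = 0; i < NS_TAIL; i++)
        n += (p[i] != 0);
    return n;
}

/* Build a constructed IPv4 nameserver entry (192.0.2.1:53), copy it the way the
   resolver does, and report how many tail bytes would reach the kernel undefined. */
static size_t garbage_after_copy(int patched)
{
    struct sockaddr_in ns;
    memset(&ns, 0, sizeof ns);
    ns.sin_family = AF_INET;
    ns.sin_port = htons(53);
    ns.sin_addr.s_addr = htonl(0xC0000201u);
    struct sockaddr_in6 *sa = copy_nsaddr(&ns, patched);
    size_t n = sa ? tail_garbage(sa) : (size_t) -1;
    free(sa);
    return n;
}
```

garbage_after_copy(0) returns the full tail size (12 on glibc), garbage_after_copy(1) returns 0.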