This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug network/19787] New: Missing error checks in getnameinfo for AF_LOCAL

From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Tue, 08 Mar 2016 14:01:05 +0000
Subject: [Bug network/19787] New: Missing error checks in getnameinfo for AF_LOCAL
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=19787

            Bug ID: 19787
           Summary: Missing error checks in getnameinfo for AF_LOCAL
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

getnameinfo for the AF_LOCAL address family uses strncpy to copy the system
host name, not checking for truncation (or ensuring null termination).  The
error value from uname is not checked correctly.

Technically, this could lead to application crashes, but this functionality
appears rather obscure, so not treating this as a security issue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug network/19787] Missing error checks in getnameinfo for AF_LOCAL
  - From: fweimer at redhat dot com
- [Bug network/19787] Missing error checks in getnameinfo for AF_LOCAL
  - From: fweimer at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]