This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/20112] sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429)


https://sourceware.org/bugzilla/show_bug.cgi?id=20112

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
This was discovered by Aldy Hernandez' alloca plugin for GCC.

Introduced in this commit:

commit b1eab230118c7d65223927486afb7fe0b531bf33
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Wed Jan 10 23:47:39 2001 +0000
â    
    2001-01-10  Jakub Jelinek  <jakub@redhat.com>

        * sunrpc/clnt_udp.c (clntudp_bufcreate): Set IP_RECVERR on the
        UDP socket.
        (clntudp_call): Handle MSG_ERRQUEUE.
        * sysdeps/generic/errqueue.h: New file.
        * sysdeps/unix/sysv/linux/errqueue.h: New file.

I have a patch (replace the alloca with malloc/free).

libtirpc is affected as well.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]