This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH][BZ 21295] getaddrinfo: do not overwrite IPv6 IPs with IPv4 when using AF_UNSPEC

From: Florian Weimer <fweimer at redhat dot com>
To: kmeaw at kmeaw dot com, libc-alpha at sourceware dot org
Date: Sat, 24 Jun 2017 16:59:25 +0200
Subject: Re: [PATCH][BZ 21295] getaddrinfo: do not overwrite IPv6 IPs with IPv4 when using AF_UNSPEC
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 03BE6C04B317
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 03BE6C04B317
References: <20170323132130.GA25347@kmeaw.com>

On 03/23/2017 02:21 PM, kmeaw@kmeaw.com wrote:
> CVE-2016-3706 patch introduces a regression which disrupts connectivity
> from IPv6-only to dual-stack hosts. This is caused by
> convert_hostent_to_gaih_addrtuple which frees the result opposed to
> appending to it (prior to the CVE patch in gaih_inet).
> 
> This change replaces free(*result) call with a loop which looks for the
> pointer to the end of the linked list (&(*result)->next), so successive
> calls append the result to the list instead of overwriting it.
> 
> Bugzilla entry #21295 describes a way to reproduce the issue.

Thanks.  I have pushed your patch along with a test case tweak to cover
this area of getaddrinfo.

Thanks,
Florian

resolv/tst-resolv-basic: Add test cases for bug 21295

2017-06-24  Florian Weimer  <fweimer@redhat.com>

	[BZ #21295]
	* resolv/tst-resolv-basic.c (do_test): Add new test cases.

diff --git a/resolv/tst-resolv-basic.c b/resolv/tst-resolv-basic.c
index 92f912b..3dfa165 100644
--- a/resolv/tst-resolv-basic.c
+++ b/resolv/tst-resolv-basic.c
@@ -398,6 +398,22 @@ do_test (void)
   check_ai ("t.nxdomain.example", "80", AF_INET6,
             "error: Name or service not known\n");
 
+  /* Test for bug 21295.  */
+  check_ai_hints ("www.example", "80",
+                  (struct addrinfo) { .ai_family = AF_INET6,
+                      .ai_socktype = SOCK_STREAM,
+                      .ai_flags = AI_V4MAPPED | AI_ALL, },
+                  "flags: AI_V4MAPPED AI_ALL\n"
+                  "address: STREAM/TCP 2001:db8::1 80\n"
+                  "address: STREAM/TCP ::ffff:192.0.2.17 80\n");
+  check_ai_hints ("t.www.example", "80",
+                  (struct addrinfo) { .ai_family = AF_INET6,
+                      .ai_socktype = SOCK_STREAM,
+                      .ai_flags = AI_V4MAPPED | AI_ALL, },
+                  "flags: AI_V4MAPPED AI_ALL\n"
+                  "address: STREAM/TCP 2001:db8::3 80\n"
+                  "address: STREAM/TCP ::ffff:192.0.2.19 80\n");
+
   resolv_test_end (aux);
 
   return 0;

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]