This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][BZ 21295] getaddrinfo: do not overwrite IPv6 IPs with IPv4 when using AF_UNSPEC
- From: Stefan Liebler <stli at linux dot vnet dot ibm dot com>
- To: libc-alpha at sourceware dot org
- Date: Thu, 6 Jul 2017 11:02:59 +0200
- Subject: Re: [PATCH][BZ 21295] getaddrinfo: do not overwrite IPv6 IPs with IPv4 when using AF_UNSPEC
- Authentication-results: sourceware.org; auth=none
- References: <20170323132130.GA25347@kmeaw.com> <39fd154d-2434-f26a-82ce-09acf743de0b@redhat.com>
On 06/24/2017 04:59 PM, Florian Weimer wrote:
On 03/23/2017 02:21 PM, kmeaw@kmeaw.com wrote:
CVE-2016-3706 patch introduces a regression which disrupts connectivity
from IPv6-only to dual-stack hosts. This is caused by
convert_hostent_to_gaih_addrtuple which frees the result opposed to
appending to it (prior to the CVE patch in gaih_inet).
This change replaces free(*result) call with a loop which looks for the
pointer to the end of the linked list (&(*result)->next), so successive
calls append the result to the list instead of overwriting it.
Bugzilla entry #21295 describes a way to reproduce the issue.
Thanks. I have pushed your patch along with a test case tweak to cover
this area of getaddrinfo.
Thanks,
Florian
Hi Florian,
I've recognized the test-fail resolv/tst-resolv-basic on some but not
all machines of mine on different architectures s390, intel, power and
according to 2.26 release page, Joseph also recognized it on his arm,
mips, power32 machines:
warning: could not become root outside namespace (Operation not permitted)
warning: unshare (CLONE_NEWUTS) failed: Operation not permitted
warning: could not enter network namespace
error: addrinfo comparison failure
query: www.example:80 [10]/0x18
--- expected
+++ actual
@@ -1,3 +1,3 @@
flags: AI_V4MAPPED AI_ALL
-address: STREAM/TCP 2001:db8::1 80
address: STREAM/TCP ::ffff:192.0.2.17 80
+address: STREAM/TCP 2001:db8::1 80
error: addrinfo comparison failure
query: t.www.example:80 [10]/0x18
--- expected
+++ actual
@@ -1,3 +1,3 @@
flags: AI_V4MAPPED AI_ALL
-address: STREAM/TCP 2001:db8::3 80
address: STREAM/TCP ::ffff:192.0.2.19 80
+address: STREAM/TCP 2001:db8::3 80
error: 2 test failures
Does the ordering of the results matter?
Bye.
Stefan