This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/10823] New: [patch] __libc_res_nsend: wrong subscript while copying nsaddr_list into nsaddrs
- From: "petar at smokva dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 21 Oct 2009 22:33:23 -0000
- Subject: [Bug libc/10823] New: [patch] __libc_res_nsend: wrong subscript while copying nsaddr_list into nsaddrs
- Reply-to: sourceware-bugzilla at sourceware dot org
Without the attached patch, the resolver will copy invalid items from
nsaddr_list into nsaddrs when ipv6 nameservers are used in _PATH_RESCONF
A res_(n)query with the following resolv.conf:
+---
| nameserver 2.2.2.2
| nameserver ::1
| nameserver 3.3.3.3
will only query 2.2.2.2 and ::1 while skipping 3.3.3.3.
A closer look at res_send.c revealed that __libc_res_nsend even copied
empty nsaddr_list items while populating nsaddrs. Since having an ipv6
nameserver automatically means one empty nsaddr_list slot, the setup
above results in:
+---
| nsaddr fam addr port
| ------ --- ---- ----
| [0] AF_INET 2.2.2.2 53
| [1] AF_INET6 ::1 53
| [2] 0 0.0.0.0 0
I tested the patch against glibc-2.10.1 and it works as expected.
Petar Bogdanovic
diff --git a/resolv/res_send.c b/resolv/res_send.c
index 4c14db1..9f3fe21 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -438,21 +438,21 @@ __libc_res_nsend(res_state statp, const u_char *buf, int
buflen,
map[n] = ns++;
}
EXT(statp).nscount = n;
for (ns = 0; ns < EXT(statp).nscount; ns++) {
n = map[ns];
if (EXT(statp).nsaddrs[n] == NULL)
EXT(statp).nsaddrs[n] =
malloc(sizeof (struct sockaddr_in6));
if (EXT(statp).nsaddrs[n] != NULL) {
memset (mempcpy(EXT(statp).nsaddrs[n],
- &statp->nsaddr_list[ns],
+ &statp->nsaddr_list[n],
sizeof (struct sockaddr_in)),
'\0',
sizeof (struct sockaddr_in6)
- sizeof (struct sockaddr_in));
EXT(statp).nssocks[n] = -1;
n++;
}
}
EXT(statp).nsinit = 1;
}
Raw diff: http://smokva.net/patch/glibc__resolv__res_send.c.diff
--
Summary: [patch] __libc_res_nsend: wrong subscript while copying
nsaddr_list into nsaddrs
Product: glibc
Version: 2.10
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: petar at smokva dot net
CC: glibc-bugs at sources dot redhat dot com
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=10823
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.