This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/7009] NSS_DNS Resolver crashes when looking up certain hostnames the first time
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 02 Jul 2014 11:39:43 +0000
- Subject: [Bug libc/7009] NSS_DNS Resolver crashes when looking up certain hostnames the first time
- Auto-submitted: auto-generated
- References: <bug-7009-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=7009
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security+
--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
This crash on data received from the network was fixed in commit
9ba2747432e9b2a8b9fe180c6d8ed04cf8577ff1, which went into glibc 2.9. It is
only visible with certain recursive resolvers whose standards compliance is
debatable, but I think it is still a security bug because it led to observable
(client) crashes.
The unfixed code had this:
  if (__builtin_expect (type == T_SIG, 0)
      || __builtin_expect (type == T_KEY, 0)
      || __builtin_expect (type == T_NXT, 0)
      || __builtin_expect (type == T_PTR, 0)
      || __builtin_expect (type == T_DNAME, 0))
    {
      /* We don't support DNSSEC yet.  For now, ignore the record
         and send a low priority message to syslog.
         We also don't expect T_PTR or T_DNAME messages.  */
      syslog (LOG_DEBUG | LOG_AUTH,
              "getaddrinfo*.gaih_getanswer: got type \"%s\"",
              p_type (type));
      cp += n;
      continue;
    }
  if (type != T_A && type != T_AAAA)
    abort ();
As far as I can tell, the abort was present since the dawn of time.
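Added example, not part of the original mail and not glibc's code: a bounds-checked walk over a DNS answer section that skips any record whose type is not A or AAAA instead of calling abort (), so an unexpected type sent by a resolver cannot terminate the client. The names skip_name, count_addresses and sample_answer are hypothetical, and the sample bytes are constructed (one TXT record, chosen as a type outside the list in the excerpt, followed by one A record).

```c
#include <stddef.h>
#include <stdint.h>

enum { RR_A = 1, RR_AAAA = 28 };            /* IANA RR type codes */

/* Constructed sample: TXT "hi", then A 192.0.2.1; owner names are pointers. */
const uint8_t sample_answer[] = {
    0xC0, 0x0C, 0x00, 0x10, 0x00, 0x01, 0, 0, 0, 0, 0x00, 0x03, 2, 'h', 'i',
    0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01, 0, 0, 0, 0, 0x00, 0x04, 192, 0, 2, 1
};

/* Skip an owner name (labels or a compression pointer); NULL if truncated. */
static const uint8_t *skip_name(const uint8_t *cp, const uint8_t *end)
{
    while (cp < end) {
        uint8_t len = *cp;
        if (len == 0)
            return cp + 1;
        if ((len & 0xC0) == 0xC0)            /* 2-byte compression pointer */
            return end - cp >= 2 ? cp + 2 : NULL;
        if (len > 63 || end - cp < 1 + len)  /* reserved bits or truncated */
            return NULL;
        cp += 1 + len;
    }
    return NULL;
}

/* Walk `ancount` records. Returns the number of well-formed A/AAAA records,
   or -1 if the data is malformed. Other records are counted in *skipped. */
int count_addresses(const uint8_t *cp, const uint8_t *end, int ancount,
                    int *skipped)
{
    int found = 0;
    *skipped = 0;
    for (int i = 0; i < ancount; i++) {
        cp = skip_name(cp, end);
        if (cp == NULL || end - cp < 10)     /* TYPE, CLASS, TTL, RDLENGTH */
            return -1;
        unsigned type = ((unsigned)cp[0] << 8) | cp[1];
        size_t n = ((size_t)cp[8] << 8) | cp[9];
        cp += 10;
        if ((size_t)(end - cp) < n)          /* RDATA runs past the buffer */
            return -1;
        if ((type == RR_A && n == 4) || (type == RR_AAAA && n == 16))
            found++;
        else
            (*skipped)++;                    /* ignore the record, no abort */
        cp += n;
    }
    return found;
}
```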