This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/15014] gethostbyname_r() returns EINVAL (22) instead of ERANGE (34) (CVE-2015-0235)
- From: "joseph at codesourcery dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 28 Jan 2015 01:59:19 +0000
- Subject: [Bug network/15014] gethostbyname_r() returns EINVAL (22) instead of ERANGE (34) (CVE-2015-0235)
- Auto-submitted: auto-generated
- References: <bug-15014-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=15014
--- Comment #4 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
Florian *has* reviewed over 3000 past glibc bugs for security impact
(there are a fair number more, mostly older bugs, not yet given a security
flag), but as this case illustrates it may not be apparent from the bug
description that a buffer overrun was involved at all (the subject of this
bug rather suggests a conformance issue with a wrong errno value).
Now, if someone else wants to do their own review of over 3000 bugs with
"security-" flag, and to query cases where they disagree with that
assessment, that would be welcome, but probably also very tedious and not
likely to find many cases of misclassified bugs.