This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/12926] getaddrinfo()/make_request() may spin forever


https://sourceware.org/bugzilla/show_bug.cgi?id=12926

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com

--- Comment #11 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Florian Weimer from comment #9)
> There are several other places which use < 0 instead of <= 0, so commit
> fda389c8f0311dd5786be91a7b54b9f935fcafa1 may be incomplete.  I will also get
> clarification if netlink responses from the kernel can get lost.
> 
> We might also simplify the netlink processing logic a bit because kernel
> messages can no longer be spoofed due to this kernel fix:
> 
> http://marc.info/?l=linux-netdev&m=134572386125610

How can we assume all supported kernels from 2.6.32 and up are not vulnerable?
AFAIK glibc has to be defensive in this case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]