This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/12926] getaddrinfo()/make_request() may spin forever
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 21 Oct 2015 14:11:30 +0000
- Subject: [Bug network/12926] getaddrinfo()/make_request() may spin forever
- Auto-submitted: auto-generated
- References: <bug-12926-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=12926
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
--- Comment #11 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Florian Weimer from comment #9)
> There are several other places which use < 0 instead of <= 0, so commit
> fda389c8f0311dd5786be91a7b54b9f935fcafa1 may be incomplete. I will also get
> clarification if netlink responses from the kernel can get lost.
>
> We might also simplify the netlink processing logic a bit because kernel
> messages can no longer be spoofed due to this kernel fix:
>
> http://marc.info/?l=linux-netdev&m=134572386125610
How can we assume all supported kernels from 2.6.32 and up are not vulnerable?
AFAIK glibc has to be defensive in this case.
--
You are receiving this mail because:
You are on the CC list for the bug.