[Bug network/20112] sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429)

["cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=20112

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  bc779a1a5b3035133024b21e2f339fe4219fb11c (commit)
      from  3375cfafa7961c6ae0e509c31c3b3cef9ad1f03d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c

commit bc779a1a5b3035133024b21e2f339fe4219fb11c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 23 20:18:34 2016 +0200

    CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]

    The call is technically in a loop, and under certain circumstances
    (which are quite difficult to reproduce in a test case), alloca
    can be invoked repeatedly during a single call to clntudp_call.
    As a result, the available stack space can be exhausted (even
    though individual alloca sizes are bounded implicitly by what
    can fit into a UDP packet, as a side effect of the earlier
    successful send operation).

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog         |    7 +++++++
 NEWS              |    4 ++++
 sunrpc/clnt_udp.c |   10 +++++++++-
 3 files changed, 20 insertions(+), 1 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.