This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/20112] sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 23 May 2016 18:27:00 +0000
- Subject: [Bug network/20112] sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429)
- Auto-submitted: auto-generated
- References: <bug-20112-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=20112
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via bc779a1a5b3035133024b21e2f339fe4219fb11c (commit)
from 3375cfafa7961c6ae0e509c31c3b3cef9ad1f03d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c
commit bc779a1a5b3035133024b21e2f339fe4219fb11c
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon May 23 20:18:34 2016 +0200
CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
The call is technically in a loop, and under certain circumstances
(which are quite difficult to reproduce in a test case), alloca
can be invoked repeatedly during a single call to clntudp_call.
As a result, the available stack space can be exhausted (even
though individual alloca sizes are bounded implicitly by what
can fit into a UDP packet, as a side effect of the earlier
successful send operation).
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 7 +++++++
NEWS | 4 ++++
sunrpc/clnt_udp.c | 10 +++++++++-
3 files changed, 20 insertions(+), 1 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.