This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/20964] New: sunrpc: Stack-based buffer overflow in getrpcport with RES_USE_INET6
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 13 Dec 2016 14:52:24 +0000
- Subject: [Bug network/20964] New: sunrpc: Stack-based buffer overflow in getrpcport with RES_USE_INET6
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20964
Bug ID: 20964
Summary: sunrpc: Stack-based buffer overflow in getrpcport with
RES_USE_INET6
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security+
First seen in the libtirpc repository here:
commit 4a8abc724adc6a8ad0d577d51e87098b73c8f480
Author: ksourav <sourav.kir@gmail.com>
Date: Wed Aug 17 16:01:29 2016 -0400
getrpcport: Possible buffer overflow in memcpy
The if condition, when true, can result in memcpy
overflow as source sizecan become greater than the
destination in memcpy. Modified the if condition
to prevent memcoy overflow.
Signed-off-by: ksourav <sourav.kir@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
It's difficult to write a test case for the overflow as such. I think the
function needs to fail if gethostbyname returns an unexpected address family,
or perhaps we should call getaddrinfo with AF_INET instead.
--
You are receiving this mail because:
You are on the CC list for the bug.