This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]

From: Andreas Schwab <schwab at suse dot de>
To: fweimer at redhat dot com (Florian Weimer)
Cc: libc-alpha at sourceware dot org
Date: Thu, 19 May 2016 13:53:28 +0200
Subject: Re: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
Authentication-results: sourceware.org; auth=none
References: <20160519110545 dot ED146400FD12E at oldenburg dot str dot redhat dot com>

fweimer@redhat.com (Florian Weimer) writes:

> The call is technically in a loop, and under certain circumstances
> (which are quite difficult to reproduce in a test case), alloca
> can be invoked repeatedly during a single call to clntudp_call.
> As a result, the available stack space can be exhausted (even
> though individual alloca sizes are bounded implicitly by what
> can fit into a UDP packet, as a side effect of the earlier
> successful send operation).

If you use a VLA you can avoid that.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Follow-Ups:
- Re: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
  - From: Florian Weimer

References:
- [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]