This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Fix stack overflow in getaddrinfo with many results
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 03 Apr 2013 10:14:59 -0400
- Subject: Re: [PATCH] Fix stack overflow in getaddrinfo with many results
- References: <mvm4nfnai0u dot fsf at hawking dot suse dot de>
On 04/03/2013 08:57 AM, Andreas Schwab wrote:
> Since struct sort_results is rather big this can overflow the stack
> pretty fast.
>
> Andreas.
>
> [BZ #15330]
> * sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and
> order arrays from heap if bigger than alloca cutoff.
I don't see a CVE # for this yet, but the request is here:
http://www.openwall.com/lists/oss-security/2013/04/03/2

Could you please add the CVE# to the NEWS file when it gets one?
I think we want to clearly show in the NEWS that we fixed CVEs.

Could you also add CVE-2013-0242 to NEWS (already fixed by you
on Jan 29th)?

Cheers,
Carlos.
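
The pattern named in the quoted ChangeLog entry (stack allocation only below a cutoff, heap otherwise), shown as an added example that is not the glibc patch or code from this thread. `struct big_result`, `STACK_CUTOFF`, `fits_on_stack` and `process_results` are hypothetical names, and the cutoff value is an assumption chosen for the example.

```c
#include <alloca.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a large per-result record (not glibc's struct). */
struct big_result { unsigned char blob[256]; int key; };

#define STACK_CUTOFF 4096 /* assumed cutoff in bytes, for this example only */

/* True if count elements of elem bytes stay within the cutoff.
   Dividing instead of multiplying avoids size_t overflow in the check. */
static bool fits_on_stack(size_t count, size_t elem)
{
    return elem != 0 && count <= STACK_CUTOFF / elem;
}

/* Builds count records and returns the sum of their keys, or -1 if the
   heap allocation fails. *used_heap reports which path was taken. */
long process_results(size_t count, bool *used_heap)
{
    struct big_result *res;
    long sum = 0;
    *used_heap = !fits_on_stack(count, sizeof *res);
    if (*used_heap) {
        res = calloc(count, sizeof *res);   /* calloc rejects count*size overflow */
        if (res == NULL)
            return -1;
    } else {
        res = alloca(count * sizeof *res);  /* bounded by STACK_CUTOFF */
        memset(res, 0, count * sizeof *res);
    }
    for (size_t i = 0; i < count; i++) {
        res[i].key = (int)(i % 7);          /* constructed sample data */
        sum += res[i].key;
    }
    if (*used_heap)
        free(res);
    return sum;
}

int main(void)
{
    bool heap;
    printf("sum=%ld\n", process_results(20000, &heap));
    return 0;
}
```

An unconditional `alloca(count * sizeof *res)` with a caller-influenced `count` is the case the cutoff check removes: the stack request is never larger than `STACK_CUTOFF`, and anything bigger can fail cleanly through the `calloc` return value.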