aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2016-04-29 10:35:34 +0200
committerFlorian Weimer <fweimer@redhat.com>2016-04-29 10:35:34 +0200
commit4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (patch)
treeb67c8017a8c64a89dcdf4649965246fc2920f03c /ChangeLog
parent137fe72eca6923a00381a3ca9f0e7672c1f85e3f (diff)
downloadglibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar
glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar.gz
glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.tar.bz2
glibc-4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9.zip
CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]
When converting a struct hostent response to struct gaih_addrtuple, the gethosts macro (which is called from gaih_inet) used alloca, without malloc fallback for large responses. This commit changes this code to use calloc unconditionally. This commit also consolidated a second hostent-to-gaih_addrtuple conversion loop (in gaih_inet) to use the new conversion function.
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog10
1 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1a6ad84aea..768c0a0d02 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2016-04-29 Florian Weimer <fweimer@redhat.com>
+ [BZ #20010]
+ CVE-2016-3706
+ * sysdeps/posix/getaddrinfo.c
+ (convert_hostent_to_gaih_addrtuple): New function.
+ (gethosts): Call convert_hostent_to_gaih_addrtuple.
+ (gaih_inet): Use convert_hostent_to_gaih_addrtuple to convert
+ AF_INET data.
+
+2016-04-29 Florian Weimer <fweimer@redhat.com>
+
glob: Simplify and document the interface for the GLOB_ALTDIRFUNC
callback function gl_readdir.
* posix/glob.c (NAMELEN, CONVERT_D_NAMLEN): Remove.
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-30 16:29:13 +0000