diff options
| author | Florian Weimer <fweimer@redhat.com> | 2016-05-23 20:18:34 +0200 |
|---|---|---|
| committer | Aurelien Jarno <aurelien@aurel32.net> | 2016-05-31 11:33:20 +0200 |
| commit | 444fb8c27d9b0d1671ce1a441faf52b24305a332 (patch) | |
| tree | 12c1364b14924df331f9c138cf2cae58065a6c79 /posix/regexec.c | |
| parent | a64be6fb2f1317ce7039a4bb8638bd0c30c31e28 (diff) | |
| download | glibc-444fb8c27d9b0d1671ce1a441faf52b24305a332.tar glibc-444fb8c27d9b0d1671ce1a441faf52b24305a332.tar.gz glibc-444fb8c27d9b0d1671ce1a441faf52b24305a332.tar.bz2 glibc-444fb8c27d9b0d1671ce1a441faf52b24305a332.zip | |
CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
The call is technically in a loop, and under certain circumstances
(which are quite difficult to reproduce in a test case), alloca
can be invoked repeatedly during a single call to clntudp_call.
As a result, the available stack space can be exhausted (even
though individual alloca sizes are bounded implicitly by what
can fit into a UDP packet, as a side effect of the earlier
successful send operation).
(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c)
Diffstat (limited to 'posix/regexec.c')
0 files changed, 0 insertions, 0 deletions