This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/12671] multiple vulnerabilities in netdb.h/aliases.h/glob.h


http://sourceware.org/bugzilla/show_bug.cgi?id=12671

--- Comment #3 from Max <max at cxib dot net> 2011-05-26 05:31:13 UTC ---
I have once again analized problems in netdb. The difference between a gnu and
netbsd is such that NetBSD seems to be vulnerable to stack overflow. I was
unable to reproduce this on Linux. The reason is simple because NetBSD is based
on another code.

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/net/getservbyname_r.c
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/net/getservbyport_r.c

Anyway, in my opinion, we should do something with alloca() calls. Certainly
limit the use of the stack to store data.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]