Public bug reported:
Programs using getaddrinfo will segfault downstack of the call in limited
circumstances.
We have limited this crash to a specific situation, some of these
details may not be relevant to the problem but are included in case they
are:
- getaddrinfo makes two requests, A and AAAA, using UDP
- At least one of the replies to the two requests is truncated
- getaddrinfo makes two additional requests, A and AAAA, using TCP
- At least one of the the replies to the two TCP requests has an empty answer
section
- For example, the response comes back with a REFUSED or SERVFAIL
- Even a NOERROR with an empty answer section will cause this crash
Sample gai call:
struct addrinfo* results;
int ec = getaddrinfo(host.c_str(), "", nullptr, &results);
This is difficult to reproduce without being able to control the replies
yourself since downstream must give a negative answer on the TCP after
answering the UDP. (This can happen, the downstream server can decide not to
answer for any number of policy reasons.)
Using 18.04.5. glibc version is 2.27.
** Affects: glibc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1945072
Title:
getaddrinfo crashes on negative answers after Truncated retry
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1945072/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
