Bug#798515: libc6: getaddrinfo returns garbage when nscd is running

2015-09-10 Thread Remy Oudompheng
Package: libc6
Version: 2.19-18+deb8u1
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

The glibc package is affected by the following upstream bug:
  https://sourceware.org/bugzilla/show_bug.cgi?id=16743

When nscd is running, getaddrinfo() may return uninitialized data
leading to corruption/crashes in various programs.

The issue can be reproduced in Python:

$ python
>>> import socket
>>> socket.getaddrinfo('localhost', 22, socket.AF_INET, 0, 0,
...                    socket.AI_CANONNAME)
[(2, 1, 6, 'localhost', ('127.0.0.1', 22)), (2, 2, 17, '', ('127.0.0.1', 22)), 
(2, 3, 0, '', ('127.0.0.1', 22)), (65535, 1, 6, '', (65535, 
'\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 2, 17, 
'', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), 
(65535, 3, 0, '', (65535, 
'\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00'))]

or with an equivalent program in C:

#include <stdio.h>
#include <strings.h>
#include <sys/socket.h>
#include <netdb.h>

int main(int argc, char **argv) {
  int err;
  struct addrinfo hints, *result, *p;

  bzero(&hints, sizeof(struct addrinfo));
  hints.ai_family = AF_INET;     /* only IPv4 entries are requested */
  hints.ai_flags = AI_CANONNAME;
  err = getaddrinfo("localhost", "22", &hints, &result);
  if (err)
    return err;

  /* every entry should report family 2 (AF_INET) */
  for (p = result; p; p = p->ai_next)
    printf("family=%d\n", p->ai_family);

  freeaddrinfo(result);
  return 0;
}

$ ./a.out
family=2
family=2
family=2
family=33956
family=33956
family=33956

A patch has already been delivered upstream:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a071766ebfd853179ac39f9773f894029bf86d36

Regards,
Rémy Oudompheng.

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

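A caller-side guard for the corruption described in the report, as an added example that is not part of the bug report or of glibc. It checks each getaddrinfo() entry for agreement between the requested family, ai_family, ai_addrlen and the sockaddr's own sa_family, so the garbage entries (ai_family 33956, sa_family 65535 in the output above) are rejected before anyone passes them to connect() or copies ai_addrlen bytes out of them. The function names count_bad_addrinfo, build_sample_list and free_sample_list are assumptions of this example, and the sample list is constructed to mirror the report's output rather than captured from nscd. The check cannot catch a dangling ai_addr pointer; the real fix is the glibc update.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Sanity-check one entry of a getaddrinfo() result against the family that
 * was requested in hints.ai_family. For the corrupted entries in the report
 * (ai_family 33956, sa_family 65535) every check below fails. Best effort
 * only: a dangling ai_addr pointer cannot be detected from here. */
static int addrinfo_entry_ok(const struct addrinfo *ai, int want_family)
{
    socklen_t want_len;

    if (want_family == AF_INET)
        want_len = sizeof(struct sockaddr_in);
    else if (want_family == AF_INET6)
        want_len = sizeof(struct sockaddr_in6);
    else
        return 0;               /* only the two families we know how to size */

    if (ai->ai_family != want_family)
        return 0;
    if (ai->ai_addr == NULL || ai->ai_addrlen != want_len)
        return 0;               /* length must match before we read the struct */
    if (ai->ai_addr->sa_family != (sa_family_t)want_family)
        return 0;               /* ai_family and sa_family must agree */
    return 1;
}

/* Walk a result list and return how many entries fail the check. */
int count_bad_addrinfo(const struct addrinfo *res, int want_family)
{
    int bad = 0;
    const struct addrinfo *p;

    for (p = res; p != NULL; p = p->ai_next)
        if (!addrinfo_entry_ok(p, want_family))
            bad++;
    return bad;
}

/* Construct a list shaped like the report's output: n_good well-formed
 * AF_INET entries followed by n_bad garbage entries (ai_family 33956 as in
 * the C output, sa_family 65535 as in the Python output). Constructed test
 * data, not a real nscd response. */
struct addrinfo *build_sample_list(int n_good, int n_bad)
{
    struct addrinfo *head = NULL, **tail = &head;
    int i;

    for (i = 0; i < n_good + n_bad; i++) {
        struct addrinfo *ai = calloc(1, sizeof *ai);
        struct sockaddr_in *sin = calloc(1, sizeof *sin);
        if (ai == NULL || sin == NULL)
            abort();
        if (i < n_good) {
            ai->ai_family = AF_INET;
            ai->ai_socktype = SOCK_STREAM;
            sin->sin_family = AF_INET;
            sin->sin_port = htons(22);
            sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        } else {
            ai->ai_family = 33956;
            sin->sin_family = 65535;
        }
        ai->ai_addrlen = sizeof *sin;
        ai->ai_addr = (struct sockaddr *)sin;
        *tail = ai;
        tail = &ai->ai_next;
    }
    return head;
}

/* Free a list made by build_sample_list (not freeaddrinfo: we allocated it). */
void free_sample_list(struct addrinfo *res)
{
    while (res != NULL) {
        struct addrinfo *next = res->ai_next;
        free(res->ai_addr);
        free(res);
        res = next;
    }
}

int main(void)
{
    struct addrinfo hints, *result, *sample;
    int err, bad;

    /* Constructed list: 3 good entries followed by 3 garbage ones. */
    sample = build_sample_list(3, 3);
    printf("constructed list: %d bad entries\n",
           count_bad_addrinfo(sample, AF_INET));
    free_sample_list(sample);

    /* The reporter's lookup, validated before any entry is used. */
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_flags = AI_CANONNAME;
    err = getaddrinfo("localhost", "22", &hints, &result);
    if (err != 0) {
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err));
        return 1;
    }
    bad = count_bad_addrinfo(result, AF_INET);
    printf("live lookup: %d bad entries\n", bad);
    freeaddrinfo(result);
    return bad != 0;
}
```

On an affected system with nscd running, the live lookup reports three bad entries and the program exits nonzero; on a fixed glibc it reports zero. The list walk intentionally compares ai_addrlen against the expected sockaddr size before dereferencing ai_addr, since a garbage length is what turns a bad entry into an out-of-bounds read in callers that copy the address.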


Bug#798515: libc6: getaddrinfo returns garbage when nscd is running

2015-09-10 Thread Aurelien Jarno
control: fixed -1 2.21-0experimental1
control: severity -1 important

On 2015-09-10 09:23, Remy Oudompheng wrote:
> Package: libc6
> Version: 2.19-18+deb8u1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable

This is clearly an important bug, but I don't think it's a grave one.

> Dear Maintainer,
> 
> The glibc package is affected by the following upstream bug:
>   https://sourceware.org/bugzilla/show_bug.cgi?id=16743
> 
> When nscd is running, getaddrinfo() may return uninitialized data
> leading to corruption/crashes in various programs.
> 
> The issue can be reproduced in Python:
> 
> $ python
> >>> import socket
> >>> socket.getaddrinfo('localhost', 22, socket.AF_INET, 0, 0,
> ...                    socket.AI_CANONNAME)
> [(2, 1, 6, 'localhost', ('127.0.0.1', 22)), (2, 2, 17, '', ('127.0.0.1', 
> 22)), (2, 3, 0, '', ('127.0.0.1', 22)), (65535, 1, 6, '', (65535, 
> '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 2, 17, 
> '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), 
> (65535, 3, 0, '', (65535, 
> '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00'))]
> 
> or with an equivalent program in C:
> 
> #include <stdio.h>
> #include <strings.h>
> #include <sys/socket.h>
> #include <netdb.h>
> 
> int main(int argc, char **argv) {
>   int err;
>   struct addrinfo hints, *result, *p;
> 
>   bzero(&hints, sizeof(struct addrinfo));
>   hints.ai_family = AF_INET;     /* only IPv4 entries are requested */
>   hints.ai_flags = AI_CANONNAME;
>   err = getaddrinfo("localhost", "22", &hints, &result);
>   if (err)
>     return err;
> 
>   /* every entry should report family 2 (AF_INET) */
>   for (p = result; p; p = p->ai_next)
>     printf("family=%d\n", p->ai_family);
> 
>   freeaddrinfo(result);
>   return 0;
> }
> 
> $ ./a.out
> family=2
> family=2
> family=2
> family=33956
> family=33956
> family=33956
> 
> A patch has already been delivered upstream:
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a071766ebfd853179ac39f9773f894029bf86d36

The bug is fixed in the experimental branch. For jessie, we'll try to
include it for the next stable release.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net