Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
Package: libc6
Version: 2.19-18+deb8u1
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

The glibc package is affected by the following upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16743

When nscd is running, getaddrinfo() may return uninitialized data
leading to corruption/crashes in various programs.

The issue can be reproduced in Python:

$ python
>>> import socket
>>> socket.getaddrinfo('localhost', 22, socket.AF_INET, 0, 0, socket.AI_CANONNAME)
[(2, 1, 6, 'localhost', ('127.0.0.1', 22)), (2, 2, 17, '', ('127.0.0.1',
22)), (2, 3, 0, '', ('127.0.0.1', 22)), (65535, 1, 6, '', (65535,
'\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 2, 17,
'', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')),
(65535, 3, 0, '', (65535,
'\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00'))]

or with an equivalent program in C:

#include <stdio.h>
#include <strings.h>
#include <netdb.h>

int main(int argc, char **argv) {
    int err;
    struct addrinfo hints, *result, *p;

    /* Request IPv4 results only, with the canonical name. */
    bzero(&hints, sizeof(struct addrinfo));
    hints.ai_family = AF_INET;
    hints.ai_flags = AI_CANONNAME;
    err = getaddrinfo("localhost", "22", &hints, &result);
    if (err)
        return err;

    /* Every entry should report AF_INET (2). */
    for (p = result; p; p = p->ai_next)
        printf("family=%d\n", p->ai_family);

    return 0;
}

$ ./a.out
family=2
family=2
family=2
family=33956
family=33956
family=33956

A patch has already been delivered upstream:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a071766ebfd853179ac39f9773f894029bf86d36

Regards,
Rémy Oudompheng.

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
control: fixed -1 2.21-0experimental1
control: severity -1 important

On 2015-09-10 09:23, Remy Oudompheng wrote:
> Package: libc6
> Version: 2.19-18+deb8u1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable

This is clearly an important bug, but I don't think it's a grave one.

> Dear Maintainer,
>
> The glibc package is affected by the following upstream bug:
> https://sourceware.org/bugzilla/show_bug.cgi?id=16743
>
> When nscd is running, getaddrinfo() may return uninitialized data
> leading to corruption/crashes in various programs.
>
> The issue can be reproduced in Python:
>
> $ python
> >>> import socket
> >>> socket.getaddrinfo('localhost', 22, socket.AF_INET, 0, 0, socket.AI_CANONNAME)
> [(2, 1, 6, 'localhost', ('127.0.0.1', 22)), (2, 2, 17, '', ('127.0.0.1',
> 22)), (2, 3, 0, '', ('127.0.0.1', 22)), (65535, 1, 6, '', (65535,
> '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 2, 17,
> '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')),
> (65535, 3, 0, '', (65535,
> '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00'))]
>
> or with an equivalent program in C:
>
> #include <stdio.h>
> #include <strings.h>
> #include <netdb.h>
>
> int main(int argc, char **argv) {
>     int err;
>     struct addrinfo hints, *result, *p;
>
>     bzero(&hints, sizeof(struct addrinfo));
>     hints.ai_family = AF_INET;
>     hints.ai_flags = AI_CANONNAME;
>     err = getaddrinfo("localhost", "22", &hints, &result);
>     if (err)
>         return err;
>
>     for (p = result; p; p = p->ai_next)
>         printf("family=%d\n", p->ai_family);
>
>     return 0;
> }
>
> $ ./a.out
> family=2
> family=2
> family=2
> family=33956
> family=33956
> family=33956
>
> A patch has already been delivered upstream:
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a071766ebfd853179ac39f9773f894029bf86d36

The bug is fixed in the experimental branch. For jessie, we'll try to
include it for the next stable release.

Aurelien

-- 
Aurelien Jarno
GPG: 4096R/1DDD8C9B
aurel...@aurel32.net
http://www.aurel32.net
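
A consistency check for the symptom reported in this thread, as an added example that is not part of the original messages or of glibc: it validates every getaddrinfo() result against the hints, so a caller or a test can tell whether a host still returns the bad entries. The function names and the constructed sample list (modelled on the family=33956 output above) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Count entries that contradict the hints or are internally inconsistent. */
int count_bad_entries(const struct addrinfo *hints, const struct addrinfo *res)
{
    int bad = 0;
    for (const struct addrinfo *p = res; p; p = p->ai_next) {
        socklen_t want = p->ai_family == AF_INET  ? sizeof(struct sockaddr_in)
                       : p->ai_family == AF_INET6 ? sizeof(struct sockaddr_in6) : 0;
        int ok = want != 0
              && (hints->ai_family == AF_UNSPEC || p->ai_family == hints->ai_family)
              && p->ai_addr != NULL && p->ai_addrlen == want
              && p->ai_addr->sa_family == p->ai_family;
        bad += !ok;
    }
    return bad;
}

/* Constructed sample shaped like the report's C output: three AF_INET
 * entries followed by three whose ai_family is 33956. */
int check_constructed_sample(void)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    struct addrinfo hints = { .ai_family = AF_INET }, list[6];
    sa.sin_port = htons(22);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    memset(list, 0, sizeof list);
    for (int i = 0; i < 6; i++) {
        list[i].ai_family = i < 3 ? AF_INET : 33956;
        list[i].ai_addr = (struct sockaddr *)&sa;
        list[i].ai_addrlen = sizeof sa;
        list[i].ai_next = i < 5 ? &list[i + 1] : NULL;
    }
    return count_bad_entries(&hints, list);
}

int main(void)  /* live check using the same query as the report */
{
    struct addrinfo hints = { .ai_family = AF_INET, .ai_flags = AI_CANONNAME }, *res;
    int err = getaddrinfo("localhost", "22", &hints, &res);
    if (err) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err)); return 2; }
    int bad = count_bad_entries(&hints, res);
    printf("live: %d bad, constructed sample: %d bad\n", bad, check_constructed_sample());
    freeaddrinfo(res);
    return bad ? 1 : 0;
}
```

The program exits with status 1 when the live lookup returns any inconsistent entry, so it can run with nscd started and stopped to compare the two cases.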