Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
Package: libc6
Version: 2.19-18+deb8u1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
The glibc package is affected by the following upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16743
When nscd is running, getaddrinfo() may return uninitialized data
leading to corruption/crashes in various programs.
The issue can be reproduced in Python:
$ python
>>> import socket
>>> socket.getaddrinfo('localhost', 22, socket.AF_INET, 0, 0, socket.AI_CANONNAME)
[(2, 1, 6, 'localhost', ('127.0.0.1', 22)), (2, 2, 17, '', ('127.0.0.1', 22)), (2, 3, 0, '', ('127.0.0.1', 22)), (65535, 1, 6, '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 2, 17, '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 3, 0, '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00'))]
or with an equivalent program in C:
#include <string.h>
#include <strings.h>   /* bzero() */
#include <stdio.h>
#include <netdb.h>

int main(int argc, char **argv) {
    int err;
    struct addrinfo hints, *result, *p;

    /* Request IPv4 results only, plus the canonical name. */
    bzero(&hints, sizeof(struct addrinfo));
    hints.ai_family = AF_INET;
    hints.ai_flags = AI_CANONNAME;
    err = getaddrinfo("localhost", "22", &hints, &result);
    if (err)
        return err;
    /* Every entry should print family=2 (AF_INET). */
    for (p = result; p; p = p->ai_next)
        printf("family=%d\n", p->ai_family);
    freeaddrinfo(result);
    return 0;
}
$ ./a.out
family=2
family=2
family=2
family=33956
family=33956
family=33956
A patch has already been delivered upstream:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a071766ebfd853179ac39f9773f894029bf86d36
Regards,
Rémy Oudompheng.
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
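Added example, not part of the original report and not glibc code: a check a caller can run over a getaddrinfo() result list to detect the inconsistent entries shown above before using them. The names count_bad_entries and count_bad_in_sample are hypothetical, and the sample list is constructed to mirror the shape of the reported output (three valid entries, three with ai_family 65535).

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: count result entries inconsistent with an AF_INET
 * request (wrong ai_family or ai_addrlen, missing or mismatched ai_addr). */
int count_bad_entries(const struct addrinfo *res)
{
    int bad = 0;
    for (const struct addrinfo *p = res; p; p = p->ai_next)
        if (p->ai_family != AF_INET || p->ai_addr == NULL ||
            p->ai_addrlen != sizeof(struct sockaddr_in) ||
            p->ai_addr->sa_family != AF_INET)
            bad++;
    return bad;
}

/* Constructed sample: three valid entries, then three with ai_family 65535,
 * the shape of the Python output in the report. */
int count_bad_in_sample(void)
{
    static struct sockaddr_in sin;
    static struct addrinfo list[6];
    memset(list, 0, sizeof list);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    for (int i = 0; i < 6; i++) {
        list[i].ai_family = (i < 3) ? AF_INET : 65535;
        list[i].ai_addrlen = sizeof sin;
        list[i].ai_addr = (struct sockaddr *)&sin;
        list[i].ai_next = (i < 5) ? &list[i + 1] : NULL;
    }
    return count_bad_entries(list);
}

int main(void)
{
    struct addrinfo hints, *result;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_flags = AI_CANONNAME;
    if (getaddrinfo("localhost", "22", &hints, &result) != 0)
        return 2;               /* lookup failed, nothing to check */
    int bad = count_bad_entries(result);
    printf("sample: %d bad, live: %d bad\n", count_bad_in_sample(), bad);
    freeaddrinfo(result);
    return bad ? 1 : 0;
}
```

A non-zero "live" count on a host running nscd means the lookup returned entries that must not be passed to connect() or bind().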