Bug#798515: libc6: getaddrinfo returns garbage when nscd is running

To: Remy Oudompheng <oudomphe@phare.normalesup.org>, 798515@bugs.debian.org
Subject: Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Thu, 10 Sep 2015 12:01:20 +0200
Message-id: <[🔎] 20150910100120.GB21988@aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 798515@bugs.debian.org
In-reply-to: <[🔎] 20150910072308.3474191.90037.reportbug@phare.normalesup.org>
References: <[🔎] 20150910072308.3474191.90037.reportbug@phare.normalesup.org>

control: fixed -1 2.21-0experimental1
control: severity -1 importnat

On 2015-09-10 09:23, Remy Oudompheng wrote:
> Package: libc6
> Version: 2.19-18+deb8u1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable

This is clearly an important bug, but I don't think it's a grave one.

> Dear Maintainer,
> 
> The glibc package is affected by the following upstream bug:
>   https://sourceware.org/bugzilla/show_bug.cgi?id=16743
> 
> When nscd is running, getaddrinfo() may return uninitialized data
> leading to corruption/crashes in various programs.
> 
> The issue can be reproduced in Python:
> 
> $ python
> >>> import socket
> >>> socket.getaddrinfo('localhost', 22, socket.AF_INET, 0, 0, socket.AI_CANONNAME)
> [(2, 1, 6, 'localhost', ('127.0.0.1', 22)), (2, 2, 17, '', ('127.0.0.1', 22)), (2, 3, 0, '', ('127.0.0.1', 22)), (65535, 1, 6, '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 2, 17, '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00')), (65535, 3, 0, '', (65535, '\x00\x16\x00\x90\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00'))]
> 
> or with an equivalent program in C:
> 
> #include <string.h>
> #include <stdio.h>
> #include <netdb.h>
> 
> int main(int argc, char **argv) {
>   int err;
>   struct addrinfo hints, *result, *p;
> 
>   bzero(&hints, sizeof(struct addrinfo));
>   hints.ai_family = AF_INET;
>   hints.ai_flags = AI_CANONNAME;
>   err = getaddrinfo("localhost", "22", &hints, &result);
>   if (err)
>     return err;
> 
>   for (p = result; p; p = p->ai_next)
>     printf("family=%d\n", p->ai_family);
> 
>   return 0;
> }
> 
> $ ./a.out
> family=2
> family=2
> family=2
> family=33956
> family=33956
> family=33956
> 
> A patch has already been delivered upstream:
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a071766ebfd853179ac39f9773f894029bf86d36

The bug is fixed in the experimental branch. For jessie, we'll try to
include it for the next stable release.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

References:
- Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
  - From: Remy Oudompheng <oudomphe@phare.normalesup.org>

Prev by Date: Processed (with 1 errors): Re: Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
Next by Date: Processed: severity of 798515 is important
Previous by thread: Processed (with 1 errors): Re: Bug#798515: libc6: getaddrinfo returns garbage when nscd is running
Next by thread: Bug#798515: marked as done (libc6: getaddrinfo returns garbage when nscd is running)
Index(es):
- Date
- Thread