From 7cbcdb3699584db8913ca90f705d6337633ee10f Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Fri, 25 Oct 2013 10:22:12 +0530 Subject: Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 85cc5da..05a8f05 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2013-10-25 Siddhesh Poyarekar + + [BZ #16072] + * sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on + heap for large requests. + 2013-10-25 Aurelien Jarno [BZ #9954] -- cgit v1.1
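Review bot: The new ChangeLog entry at the top of the hunk lists only `sysdeps/posix/getaddrinfo.c (gethosts)` and no test file, even though the commit message says the AF_INET6 case "went undetected" when the AF_UNSPEC case was fixed as CVE-2013-1914. A regression test that drives getaddrinfo with AF_INET6 and a large request would guard against another address-family path being missed, and it should get its own line in this entry. The entry also cites `[BZ #16072]` but not CVE-2013-4458, which appears only in the commit message. Adding the CVE id next to the BZ reference would let anyone auditing security fixes through the ChangeLog find this one. Finally, "Allocate tmpbuf on heap for large requests" records the allocation only. This view is limited to ChangeLog, so the code change cannot be checked here, but if the heap path adds a matching free, the entry should say so.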