diff options
| author | Florian Weimer <fweimer@redhat.com> | 2019-01-21 21:26:03 +0100 |
|---|---|---|
| committer | Pranav Kant <prka@google.com> | 2024-01-12 23:19:48 +0000 |
| commit | 66bec53f073ca8ef6ac138dfe22ae9af7ce1d9db (patch) | |
| tree | f8c72a31beaa43b4b06c86f2e3a473a7388a5ec4 /NEWS | |
| parent | 2b1ebe408afc572f61de4622739f7dae279e442d (diff) | |
| download | glibc-66bec53f073ca8ef6ac138dfe22ae9af7ce1d9db.zip glibc-66bec53f073ca8ef6ac138dfe22ae9af7ce1d9db.tar.gz glibc-66bec53f073ca8ef6ac138dfe22ae9af7ce1d9db.tar.bz2 | |
CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018]
Some tests in original commit are not included because they depend on headers that
are not present in GRTEv5 branch.
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).
This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).
To avoid sending the problematic query names over DNS, commit
6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -28,6 +28,10 @@ Deprecated and removed features, and other changes affecting compatibility: Security related changes: + CVE-2016-10739: The getaddrinfo function could successfully parse IPv4 + addresses with arbitrary trailing characters, potentially leading to data + or command injection issues in applications. + CVE-2017-18269: An SSE2-based memmove implementation for the i386 architecture could corrupt memory. Reported by Max Horn. |