List:       oss-security
Subject:    Re: [oss-security] Re: CVE Request: glibc getaddrinfo() stack overflow
From:       Florian Weimer <fweimer () redhat ! com>
Date:       2013-08-22 7:18:59
Message-ID: 5215BB63.80202 () redhat ! com

On 07/04/2013 09:06 PM, Maksymilian wrote:
>> Perhaps there are some missing CVE ids?
>
> In 2011 the problem with alloca() was not defined as a vulnerability.
>
> http://sourceware.org/bugzilla/show_bug.cgi?id=12671

I believe the analysis in this bug report is incorrect.  The security 
implications are unclear.  A straight copy of a long name to a stack 
buffer should trigger a crash because it hits the guard page, but even 
that could be a problem for daemons.

On the other hand, it's impossible to know for sure that no GCC version 
ever lays out the stack in such a way that we end up with a problem. 
Multi-threaded programs linking in script interpreters are more exposed 
to these problems, too.

-- 
Florian Weimer / Red Hat Product Security Team
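
An added illustration of the pattern under discussion (not part of the message above and not glibc code): a caller-supplied name is copied to stack scratch space only below a fixed bound, with a heap fallback above it, so the input length never decides how far the stack pointer moves. `STACK_SCRATCH_MAX`, `count_labels` and the sample name are constructed for this example.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed bound for stack scratch space; chosen for this example. */
#define STACK_SCRATCH_MAX 1024
enum scratch_kind { SCRATCH_STACK, SCRATCH_HEAP, SCRATCH_FAILED };

/* Count non-empty dot-separated labels in name[0..len) by splitting a
   mutable scratch copy in place. *kind reports where the copy lived. */
static int count_labels(const char *name, size_t len, enum scratch_kind *kind)
{
    char *buf = NULL;
    size_t need = len + 1;
    int labels = 0;
    *kind = SCRATCH_FAILED;
    if (need == 0)                      /* len + 1 wrapped around */
        return -1;
    if (need > STACK_SCRATCH_MAX) {     /* input-sized request: use the heap */
        buf = malloc(need);
        if (buf == NULL)
            return -1;
        *kind = SCRATCH_HEAP;
    } else {                            /* small and bounded: stack is fine */
        buf = alloca(need);
        *kind = SCRATCH_STACK;
    }
    memcpy(buf, name, len);
    buf[len] = '\0';
    for (size_t i = 0, start = 0; i <= len; i++) {
        if (i == len || buf[i] == '.') {
            buf[i] = '\0';              /* terminate the label in place */
            labels += (i > start);
            start = i + 1;
        }
    }
    if (*kind == SCRATCH_HEAP)
        free(buf);
    return labels;
}

int main(void)
{
    enum scratch_kind k;
    int n = count_labels("www.example.com", 15, &k);  /* constructed input */
    printf("%d labels, scratch=%d\n", n, (int)k);
    return 0;
}
```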