[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2018-19591: glibc if_nametoindex may not close descriptor
From:       Florian Weimer <fweimer () redhat ! com>
Date:       2018-11-27 21:04:31
Message-ID: 87tvk29qqo.fsf () oldenburg ! str ! redhat ! com
[Download RAW message or body]

Guido Vranken reported that the glibc implementation of if_nametoindex
would not close an internal descriptor when processing a long interface
name.  This error condition can be triggered via the getaddrinfo
function (and at least one HTTP client library).

  <https://sourceware.org/bugzilla/show_bug.cgi?id=23927>

Fixed with this upstream commit:

commit d527c860f5a3f0ed687bd03f0cb464612dc23408
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Nov 27 16:12:43 2018 +0100

    CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

The vulnerability was introduced in commit
2180fee114b778515b3f560e5ff1e795282e60b0 ("Check length of ifname before
copying it into to ifreq structure."), fixing bug 22442 for glibc 2.27.
Since this addressed a compiler warning with GCC 8, this commit was
backported to quite a few release branches.

Thanks,
Florian
[prev in list] [next in list] [prev in thread] [next in thread]