Fix stack overflow due to large AF_INET6 requestsarchlinux/2.18/master

Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. (cherry picked from commit 7cbcdb3699584db8913ca90f705d6337633ee10f) Conflicts: NEWS
author: Siddhesh Poyarekar <siddhesh@redhat.com> 2013-10-25 10:22:12 +0530
committer: Allan McRae <allan@archlinux.org> 2013-10-25 23:59:00 +1000
commit: 0b0e50ce9efe2fec10e147eddba4f0802235a042 (patch)
tree: fee0b57716e3c388721f61b73059fbd5f96dbb28 /ChangeLog
parent: 54377921e7092f709c6a5985688769404637055f (diff)
download: glibc-archlinux/2.18/master.tar.xz
glibc-archlinux/2.18/master.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 3b61bc8ce7..1bb856896b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-10-25  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16072]
+	* sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on
+	heap for large requests.
+
 2013-10-25  Aurelien Jarno  <aurelien@aurel32.net>
 
 	[BZ #9954]
author	Siddhesh Poyarekar <siddhesh@redhat.com>	2013-10-25 10:22:12 +0530
committer	Allan McRae <allan@archlinux.org>	2013-10-25 23:59:00 +1000
commit	0b0e50ce9efe2fec10e147eddba4f0802235a042 (patch)
tree	fee0b57716e3c388721f61b73059fbd5f96dbb28 /ChangeLog
parent	54377921e7092f709c6a5985688769404637055f (diff)
download	glibc-archlinux/2.18/master.tar.xz glibc-archlinux/2.18/master.zip