unofficial mirror of libc-alpha@sourceware.org
From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org>
To: Carlos O'Donell <carlos@redhat.com>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH 07/30] resolv: Move ns_name_skip to its own file and into libc
Date: Thu, 15 Jul 2021 08:53:27 +0200
Message-ID: <87wnps83vc.fsf@oldenburg.str.redhat.com>
In-Reply-To: <022e1166-6fcd-d9cb-fcd7-f42043490077@redhat.com> (Carlos O'Donell's message of "Thu, 15 Jul 2021 01:00:29 -0400")

* Carlos O'Donell:

> OK. This is different from the original code in that this new refactored
> code will advance indefinitely if n continues to be non-zero. The old code
> terminated the while loop with 'cp >= eom' and that would happen as cp
> was advanced by the case statements. Every valid message should have
> ended before or at eom, so one can't say this change is wrong. The old
> code would have exited the while loop after the first advance of cp
> at or past eom. If we stopped at eom but *cp contained a non-zero value
> then we should technically have kept processing, but we didn't, and
> didn't return an error (EMSGSIZE). Therefore I think this change is more
> accurate in that it catches this corner case.

Uh-oh, I think you have just caught a security vulnerability.

This needs to be fixed, I will repost.

Thanks,
Florian
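
The corner case discussed in this message, as an added example that is not part of the original email and is not glibc's code: `skip_name`, its `strict` flag and the sample buffers are hypothetical. The lenient mode models the loop shape the quoted review describes (an assumption based on that description); the strict mode fails with EMSGSIZE when the name reaches `eom` without its terminating root label.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: "ab" without its root label, and a complete "ab.".  */
static const unsigned char unterminated[] = { 2, 'a', 'b' };
static const unsigned char complete[] = { 2, 'a', 'b', 0, 0xff };

/* Hypothetical helper, not glibc's ns_name_skip.  strict == 0 models the
   loop the review describes (reaching eom ends the walk, no error);
   strict != 0 requires the terminator to lie inside [*ptrptr, eom).  */
static int skip_name (const unsigned char **ptrptr, const unsigned char *eom,
                      int strict)
{
  const unsigned char *cp = *ptrptr;
  while (1)
    {
      if (cp >= eom)
        {
          if (!strict)
            break;             /* Out of data: treated as end of name.  */
          goto fail;           /* Out of data before the root label.  */
        }
      unsigned int n = *cp++;
      if (n == 0)
        break;                 /* Root label ends the name.  */
      if ((n & 0xc0) == 0xc0)
        {                      /* Compression pointer: second byte, done.  */
          if (cp >= eom)
            goto fail;
          cp++;
          break;
        }
      if ((n & 0xc0) != 0 || (size_t) (eom - cp) < n)
        goto fail;             /* Reserved label type or label overruns.  */
      cp += n;
    }
  *ptrptr = cp;
  return 0;
 fail:
  errno = EMSGSIZE;
  return -1;
}

int main (void)
{
  const unsigned char *p = unterminated, *q = complete;
  printf ("lenient=%d\n", skip_name (&p, unterminated + sizeof unterminated, 0));
  printf ("complete=%d\n", skip_name (&q, complete + sizeof complete, 1));
  return 0;
}
```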

