From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha-bounces+e=80x24.org@sourceware.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS17314 8.43.84.0/22
X-Spam-Status: No, score=-4.3 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham
	autolearn_force=no version=3.4.2
Received: from sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id 65E841F8C6
	for <e@80x24.org>; Thu, 15 Jul 2021 06:53:58 +0000 (UTC)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 0EF3239DC4DB
	for <e@80x24.org>; Thu, 15 Jul 2021 06:53:57 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0EF3239DC4DB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1626332037;
	bh=rljM+ADDCR5sdd3U4EFbGZh2RXrb4jnDJfk6R0HFVvM=;
	h=To:Subject:References:Date:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=aEWhPQwQgzNbLYFmcRSzkjy7197erqXbQ1oaiPrZIroJkagZ/scKiOE2aDuqmtJ/3
	 xPJeoOddn1hD1GBOG1iEM0P7h8I4idQYjUz7gqdV9udaui7ih3LIvbQ4aDe1+ti09I
	 Rr2+1ONG9OWLr79UKWwFhxs8X6kce6OQ+4c5KeVA=
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by sourceware.org (Postfix) with ESMTP id 9681438515DD
 for <libc-alpha@sourceware.org>; Thu, 15 Jul 2021 06:53:36 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9681438515DD
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-515-nV7iTn7lMym5UxZ0HxQARA-1; Thu, 15 Jul 2021 02:53:35 -0400
X-MC-Unique: nV7iTn7lMym5UxZ0HxQARA-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1EA0719057A0
 for <libc-alpha@sourceware.org>; Thu, 15 Jul 2021 06:53:34 +0000 (UTC)
Received: from oldenburg.str.redhat.com (ovpn-112-73.phx2.redhat.com
 [10.3.112.73])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id ADA7B5D9C6;
 Thu, 15 Jul 2021 06:53:29 +0000 (UTC)
To: Carlos O'Donell <carlos@redhat.com>
Subject: Re: [PATCH 07/30] resolv: Move ns_name_skip to its own file and
 into libc
References: <cover.1625755445.git.fweimer@redhat.com>
 <70be208b16e576a588951761400b84bcbf890975.1625755445.git.fweimer@redhat.com>
 <022e1166-6fcd-d9cb-fcd7-f42043490077@redhat.com>
Date: Thu, 15 Jul 2021 08:53:27 +0200
In-Reply-To: <022e1166-6fcd-d9cb-fcd7-f42043490077@redhat.com> (Carlos
 O'Donell's message of "Thu, 15 Jul 2021 01:00:29 -0400")
Message-ID: <87wnps83vc.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org>
Reply-To: Florian Weimer <fweimer@redhat.com>
Cc: libc-alpha@sourceware.org
Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces+e=80x24.org@sourceware.org>

* Carlos O'Donell:

> OK. This is different from the original code in that this new refactored
> code will advance indefinately if n continues to be non-zero. The old code
> terminated the while loop with 'cp >= eom' and that would happen as cp
> was advanced by the case statements. Every valid message should have
> ended before or at eom, so one can't say this change is wrong. The old
> code would have exited the while loop after the first advance of cp
> at or past eom. If we stopped at eom but *cp contained a non-zero value
> then we should technically have kept processing, but we didn't, and
> didn't return an error (EMSGSIZE). Therefore I think this change is more
> accurate in that it catches this corner case.

Uh-oh, I think you have just caught a security vulnerability.

This needs to be fixed, I will repost.

Thanks,
Florian