Segfault in getifaddrs_internal in glibc-2.20
diff mbox

Message ID 5413EA84.3060901@archlinux.org
State New
Headers show

Commit Message

Allan McRae Sept. 13, 2014, 6:56 a.m. UTC
Hi,

An Arch Linux user has encountered a segfault in getifaddrs_internal:
https://sourceware.org/bugzilla/show_bug.cgi?id=17371

This patch is posted there:



This seems to fix the issue for them.  After looking at the code for a
long time, I am still not sure if this is the correct fix.  Can anyone
confirm/deny?

Thanks,
Allan

Comments

Florian Weimer Sept. 13, 2014, 12:22 p.m. UTC | #1
On 09/13/2014 08:56 AM, Allan McRae wrote:

> An Arch Linux user has encountered a segfault in getifaddrs_internal:
> https://sourceware.org/bugzilla/show_bug.cgi?id=17371

I can't quite wrap my head around this issue.  Can this result in memory 
corruption and has potential security impact?  Thanks.
Andreas Schwab Sept. 13, 2014, 12:39 p.m. UTC | #2
Florian Weimer <fweimer@redhat.com> writes:

> On 09/13/2014 08:56 AM, Allan McRae wrote:
>
>> An Arch Linux user has encountered a segfault in getifaddrs_internal:
>> https://sourceware.org/bugzilla/show_bug.cgi?id=17371
>
> I can't quite wrap my head around this issue.  Can this result in memory
> corruption and has potential security impact?  Thanks.

It's effectively the same issue as 15698.

Andreas.

Patch
diff mbox

diff --git a/sysdeps/unix/sysv/linux/ifaddrs.c
b/sysdeps/unix/sysv/linux/ifaddrs.c
index 2c04e17..1fa4960 100644
--- a/sysdeps/unix/sysv/linux/ifaddrs.c
+++ b/sysdeps/unix/sysv/linux/ifaddrs.c
@@ -774,7 +774,7 @@  getifaddrs_internal (struct ifaddrs **ifap)
 		      unsigned int preflen;

 		      if ((max_prefixlen > 0) &&
-			  (ifam->ifa_prefixlen > max_prefixlen))
+			  (max_prefixlen > ifam->ifa_prefixlen))
 			preflen = max_prefixlen;
 		      else
 			preflen = ifam->ifa_prefixlen;