[PATCH] Fix use-after-free bug in __dns_lookup.
Bernhard Reutner-Fischer
rep.dot.nop at gmail.com
Wed Mar 31 14:29:51 UTC 2010
On Tue, Mar 23, 2010 at 09:18:21AM +0100, Gabor Juhos wrote:
>If the type of the first answer does not match with the requested type,
>then the dotted name will be freed. If there are no further answers in
>the DNS reply, this pointer will be used later on in the same function.
>Additionally it is passed to the caller, and may cause strange behaviour.
>
>For example, the following busybox commands are triggering a segmentation
>fault with uClibc 0.9.30.x
I cannot reproduce this with attached test program with 0.9.31-rc1 (or
current master)?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gethostbyname.c
Type: text/x-csrc
Size: 1535 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/uclibc/attachments/20100331/62f051d4/attachment.c>
More information about the uClibc
mailing list