[PATCH] Fix use-after-free bug in __dns_lookup.
Gabor Juhos
juhosg at openwrt.org
Fri Apr 2 17:28:01 UTC 2010
Bernhard Reutner-Fischer írta:
> On Tue, Mar 23, 2010 at 09:18:21AM +0100, Gabor Juhos wrote:
>> If the type of the first answer does not match with the requested type,
>> then the dotted name will be freed. If there are no further answers in
>> the DNS reply, this pointer will be used later on in the same function.
>> Additionally it is passed to the caller, and may cause strange behaviour.
>>
>> For example, the following busybox commands are triggering a segmentation
>> fault with uClibc 0.9.30.x
>
> I cannot reproduce this with attached test program with 0.9.31-rc1 (or
> current master)?
Thanks for your response.
Unfortunately your test program does not trigger the segmentation fault on
0.9.30.1. Now that 0.9.31 is out, i will try that.
Thanks,
Gabor
More information about the uClibc
mailing list