I don’t understand. Why does glibc gethostbyname need to hit the heap at all? There’s a max host length, not huge. https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/digits_dots.c;hb=HEAD
@tqbf Maximum DNS response is 64K, which translates to about 5k hostent structs for A records. Each can also generate about 400 aliases.
@colmmacc Yes, that’s true, but not applicable to this particular vulnerable function, right?
@tqbf I think it is for the aliases, 100s of those can be allocated in the hostents and they come from this function (lines 126-129).
@colmmacc The bug is in code that validates conformity to 1 of 2 fixed-size formats.