Dmitry, thanks for the analysis. It looks like the conversion to using
gethostbyname4_r for PF_UNSPEC only was for
https://sourceware.org/bugzilla/show_bug.cgi?id=14505 (glibc git commit
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8479f23aa1d5e5477a37f46823856bdafaedfa46
). This change is in 14.04's (trusty) libc, but not 12.04 (precise).

Can people confirm that they're only seeing this on 12.04? The reason I
ask is that the exact same patch for CVE-2016-3706 was applied in 14.04
as well as 12.04.

Using both the testcase you posted in the upstream glibc bug report and
the reproducer from upstream #14505, I am now able to reproduce this
with the libc 2.15-0ubuntu10.17 from precise, and confirm that things
behaved correctly with eglibc 2.15-0ubuntu10.15. I also get correct
results with eglibc 2.19-0ubuntu6.11 in 14.04.

At this point I'm inclined to revert the fix for CVE-2016-3706 for 12.04
as a less risky option, despite the appreciated effort you've taken,
Dmitry, to come up with a patch to fix the issue. There is an eglibc
package for precise that has that revert building in the
ubuntu-security-proposed ppa
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/
and I would very much appreciate any testing you can give it.

Thanks, and my apologies for how this update has gone.

** Bug watch added: Sourceware.org Bugzilla #14505
   https://sourceware.org/bugzilla/show_bug.cgi?id=14505

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3706

** Also affects: eglibc (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: eglibc (Ubuntu Precise)
   Importance: Undecided => Critical

** Changed in: eglibc (Ubuntu Precise)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1674776

Title:
  getaddrinfo() doesn't work correctly with ipv4+ipv6 addresses after
  upgrading libc6 in Ubuntu Precise

Status in eglibc:
  New
Status in eglibc package in Ubuntu:
  Confirmed
Status in eglibc source package in Precise:
  In Progress

Bug description:
  getaddrinfo() doesn't work correctly with ipv4+ipv6 addresses after
  upgrading libc6 in Ubuntu Precise.

  server has only ipv6 address.
  Ubuntu 12.04.5 LTS \n \l
  libc6 = 2.15-0ubuntu10.16

  host ya.ru
  YA.ru has address 93.158.134.3
  YA.ru has address 213.180.193.3
  YA.ru has address 213.180.204.3
  YA.ru has IPv6 address 2a02:6b8::3

  strace -e connect nc -zv ya.ru http
  connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("213.180.193.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("213.180.204.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("93.158.134.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("213.180.193.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  nc: connect to ya.ru port 80 (tcp) failed: Network is unreachable
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("213.180.204.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  nc: connect to ya.ru port 80 (tcp) failed: Network is unreachable
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("93.158.134.3")}, 16) = -1 ENETUNREACH (Network is unreachable)

  nc: connect to ya.ru port 80 (tcp) failed: Network is unreachable

  python -c 'import socket; print socket.getaddrinfo("ya.ru.", 0, socket.AF_UNSPEC, 0)[0][4]'; python -c 'import socket; print socket.getaddrinfo("ya.ru.", 0, socket.AF_INET6, 0)[0][4]'
  ('93.158.134.3', 0)
  ('2a02:6b8::3', 0, 0, 0)

  before update libc6=2.15-0ubuntu10.15

  strace -e connect nc -zv ya.ru http
  connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
  connect(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "2a02:6b8::3", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
  connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("93.158.134.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("213.180.193.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("213.180.204.3")}, 16) = -1 ENETUNREACH (Network is unreachable)
  connect(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "2a02:6b8::3", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress)

  Connection to ya.ru 80 port [tcp/http] succeeded!

  python -c 'import socket; print socket.getaddrinfo("ya.ru.", 0, socket.AF_UNSPEC, 0)[0][4]'; python -c 'import socket; print socket.getaddrinfo("ya.ru.", 0, socket.AF_INET6, 0)[0][4]'
  ('2a02:6b8::3', 0, 0, 0)
  ('2a02:6b8::3', 0, 0, 0)

  I think the problem is with the patch: CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=sysdeps/posix/getaddrinfo.c;h=df6ce8b13e3897f3ed47877b029da39abafe9f25;hp=d2283bcd4ad4fe7e41cf9c6ee74ec8c63ab32e34;hb=762aafec34478bcef01a16acf1959732ab8bb2b6;hpb=e97fb84811238c627f93e5e703a11eb841601947;ds=sidebyside

To manage notifications about this bug go to:
https://bugs.launchpad.net/eglibc/+bug/1674776/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
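
Added example (not part of the bug report, and not glibc or Ubuntu code): a small C check for the symptom visible in the traces above, where the AF_UNSPEC lookup yields no IPv6 address although the AF_INET6 lookup of the same name does. The names unspec_lost_v6 and check_host are hypothetical; run the built program with a dual-stack hostname as its argument before and after changing the libc6 package.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Count entries of one address family in a getaddrinfo() result list. */
static int count_family(const struct addrinfo *ai, int family)
{
    int n = 0;
    for (; ai != NULL; ai = ai->ai_next)
        if (ai->ai_family == family)
            n++;
    return n;
}

/* 1 if the AF_INET6-only lookup returned addresses but the AF_UNSPEC
 * lookup returned none of that family (the symptom in the traces). */
int unspec_lost_v6(const struct addrinfo *unspec, const struct addrinfo *v6)
{
    return count_family(v6, AF_INET6) > 0 &&
           count_family(unspec, AF_INET6) == 0;
}

/* Resolve host both ways: 1 = symptom, 0 = consistent, -1 = lookup failed. */
int check_host(const char *host)
{
    struct addrinfo hints, *unspec = NULL, *v6 = NULL;
    int rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_family = AF_UNSPEC;
    if (getaddrinfo(host, NULL, &hints, &unspec) != 0)
        return -1;
    hints.ai_family = AF_INET6;
    if (getaddrinfo(host, NULL, &hints, &v6) != 0)
        v6 = NULL;                      /* no IPv6 data: nothing to lose */
    rc = unspec_lost_v6(unspec, v6);
    freeaddrinfo(unspec);
    if (v6 != NULL)
        freeaddrinfo(v6);
    return rc;
}

int main(int argc, char **argv)
{
    int rc = check_host(argc > 1 ? argv[1] : "localhost");
    printf("%s\n", rc == 1 ? "AF_UNSPEC lost IPv6 results" :
                   rc == 0 ? "consistent" : "lookup failed");
    return rc == 0 ? 0 : 1;
}
```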
