Dmitry, thanks for the analysis. It looks like the conversion to using gethostbyname4_r for PF_UNSPEC only was for https://sourceware.org/bugzilla/show_bug.cgi?id=14505 (glibc git commit https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8479f23aa1d5e5477a37f46823856bdafaedfa46 ). This change is in 14.04's (trusty) libc, but not 12.04 (precise).
Can people confirm that they're only seeing this on 12.04? The reason I ask is that the exact same patch for CVE-2016-3706 was applied in 14.04 as well as 12.04. Using both the testcase you posted in the upstream glibc bug report and the reproducer from upstream #14505, I am now able to reproduce this with the libc 2.15-0ubuntu10.17 from precise, and confirm that things behaved correctly with eglibc 2.15-0ubuntu10.15. I also get correct results with eglibc 2.19-0ubuntu6.11 in 14.04. At this point I'm inclined to revert the fix for CVE-2016-3706 for 12.04 as a less risky option, despite the appreciated effort you've taken, Dmitry, to come up with a patch to fix the issue. There is an eglibc package for precise that has that revert building in the ubuntu- security-proposed ppa https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/ and would very much appreciate any testing you can give it. Thanks, and my apologies for how this update has gone. ** Bug watch added: Sourceware.org Bugzilla #14505 https://sourceware.org/bugzilla/show_bug.cgi?id=14505 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-3706 ** Also affects: eglibc (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: eglibc (Ubuntu Precise) Importance: Undecided => Critical ** Changed in: eglibc (Ubuntu Precise) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1674776 Title: getaddrinfo() dont work correct with ipv4+ipv6 addreses aftrer upgrade libc6 in Ubuntu Precise To manage notifications about this bug go to: https://bugs.launchpad.net/eglibc/+bug/1674776/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
