Bug 848748
Summary: | Malformed xdr request causes reading uninitialize memory and can cause huge memory leaks | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Honza Horak <hhorak> | ||||||
Component: | glibc | Assignee: | Patsy Griffin <pfrankli> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Arjun Shankar <ashankar> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 6.4 | CC: | ashankar, codonell, fweimer, jmontleo, mfranc, scorneli | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: |
A defect in the library made it possible for a corrupt NIS request to cause the library to allocate unbounded amounts of memory and eventually crash. The library has been fixed to limit the size of NIS records to at most 16MB and no longer crashes when processing corrupt NIS requests. It is possible that some configurations with very large NIS maps may no longer work if those maps exceed the new NIS record maximum of 16MB.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2013-11-21 10:39:57 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 892777 | ||||||||
Bug Blocks: | 845283, 852661 | ||||||||
Attachments: |
|
Description
Honza Horak
2012-08-16 10:55:47 UTC
Created attachment 604885 [details]
malformed request that can cause huge memory allocations
Use this like this (having ypserv listening for UDP on 192.168.122.70:788:
cat ypserv-packet-bin |nc -u 192.168.122.70 788
Created attachment 604886 [details]
proposed patch that uses sane limits while parsing xdr request
Resetting flags for 6.5 consideration. This approach causes problems with the slapi-nis plugin in IPA. https://bugzilla.redhat.com/show_bug.cgi?id=892777 We'll be looking at this issue as part of the review process for the next release. We'll keep the issue updated. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-1605.html |