Bug 1324568 - glibc: getent returns dud entry when nscd enabled
Summary: glibc: getent returns dud entry when nscd enabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: glibc
Version: 7.2
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: ---
Assignee: Florian Weimer
QA Contact: Sergey Kolosov
Vladimír Slávik
URL:
Whiteboard:
: 1339925 (view as bug list)
Depends On:
Blocks: 1298243 1390370 1436312
TreeView+ depends on / blocked
 
Reported: 2016-04-06 15:55 UTC by Martin Poole
Modified: 2020-12-11 12:08 UTC (History)
14 users (show)

Fixed In Version: glibc-2.17-165.el7
Doc Type: Bug Fix
Doc Text:
*getaddrinfo* no longer accessing uninitialised data On systems with the *nscd* daemon enabled, the `getaddrinfo()` function in the *glibc* library could access uninitialized data and consequently could return false address information. This update prevents uninitialized data access and ensures that correct addresses are returned.
Clone Of:
: 1436312 (view as bug list)
Environment:
Last Closed: 2017-08-01 18:06:55 UTC
Target Upstream Version:

Attachments (Terms of Use)
dns capture (772 bytes, application/octet-stream)
2016-04-06 15:58 UTC, Martin Poole 		no flags Details
copy of hosts db after bad lookup (401 bytes, application/x-gzip)
2016-04-06 15:58 UTC, Martin Poole 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1223095 0 medium CLOSED access to uninitialized memory in getaddrinfo if nscd is running 2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Solution) 2345361 0 None None None 2016-05-30 15:24:29 UTC
Red Hat Product Errata RHSA-2017:1916 0 normal SHIPPED_LIVE Moderate: glibc security, bug fix, and enhancement update 2017-08-01 18:05:43 UTC
Sourceware 16743 0 P2 RESOLVED getaddrinfo uses uninitialized data when processing nscd answer 2020-01-21 13:56:04 UTC

Internal Links: 1223095

Description Martin Poole 2016-04-06 15:55:54 UTC 
Description of problem:

getent ahostsv4 www.google.com
216.58.213.132  STREAM www.google.com
216.58.213.132  DGRAM
216.58.213.132  RAW
(null)          STREAM
(null)          DGRAM
(null)          RAW



Version-Release number of selected component (if applicable):

glibc-2.17-106.el7_2.4.x86_64

How reproducible:

mostly

Steps to Reproduce:
1. ensure upstream nameserver does not have cached result.
2. systemctl stop nscd ; rm -f /var/db/nscd/hosts ; nscd -i hosts ; systemctl start nscd
3. getent ahostsv4 www.google.com


Actual results:

getent ahostsv4 www.google.com
216.58.213.132  STREAM www.google.com
216.58.213.132  DGRAM
216.58.213.132  RAW
(null)          STREAM
(null)          DGRAM
(null)          RAW

or a multiple response

64.15.112.44    STREAM www.google.com
64.15.112.44    DGRAM
64.15.112.44    RAW
64.15.112.55    STREAM
64.15.112.55    DGRAM
64.15.112.55    RAW
64.15.112.40    STREAM
64.15.112.40    DGRAM
64.15.112.40    RAW
64.15.112.25    STREAM
64.15.112.25    DGRAM
64.15.112.25    RAW
64.15.112.49    STREAM
64.15.112.49    DGRAM
64.15.112.49    RAW
64.15.112.50    STREAM
64.15.112.50    DGRAM
64.15.112.50    RAW
64.15.112.39    STREAM
64.15.112.39    DGRAM
64.15.112.39    RAW
64.15.112.24    STREAM
64.15.112.24    DGRAM
64.15.112.24    RAW
64.15.112.34    STREAM
64.15.112.34    DGRAM
64.15.112.34    RAW
64.15.112.59    STREAM
64.15.112.59    DGRAM
64.15.112.59    RAW
64.15.112.54    STREAM
64.15.112.54    DGRAM
64.15.112.54    RAW
64.15.112.30    STREAM
64.15.112.30    DGRAM
64.15.112.30    RAW
64.15.112.45    STREAM
64.15.112.45    DGRAM
64.15.112.45    RAW
64.15.112.35    STREAM
64.15.112.35    DGRAM
64.15.112.35    RAW
64.15.112.29    STREAM
64.15.112.29    DGRAM
64.15.112.29    RAW
64.15.112.20    STREAM
64.15.112.20    DGRAM
64.15.112.20    RAW
(null)          STREAM
(null)          DGRAM
(null)          RAW


Expected results:

getent ahostsv4 www.google.com
216.58.213.132  STREAM www.google.com
216.58.213.132  DGRAM
216.58.213.132  RAW


Additional info:

A hack of the getent source indicates that the call to inet_ntop is failing (return code not checked), printing the error gives

  inet_ntop FAILED 97/Address family not supported by protocol

where the address family is some garbage value.

Capturing the DNS traffic confirms that there is only the normal A & AAAA queries with valid replies.
Comment 2 Martin Poole 2016-04-06 15:58:14 UTC 
Created attachment 1144266 [details]
dns capture
Comment 3 Martin Poole 2016-04-06 15:58:59 UTC 
Created attachment 1144267 [details]
copy of hosts db after bad lookup
Comment 9 Florian Weimer 2016-05-30 12:20:12 UTC 
*** Bug 1339925 has been marked as a duplicate of this bug. ***
Comment 17 Thomas Oulevey 2017-02-21 08:41:14 UTC 
Any news on a target release ?
Comment 18 Carlos O'Donell 2017-02-22 14:44:21 UTC 
(In reply to Thomas Oulevey from comment #17)
> Any news on a target release ?

The intent is to fix this for the upcoming RHEL 7.4. This is not a guarantee though. Thank you for your patience.
Comment 22 Florian Weimer 2017-03-02 12:16:49 UTC 
These unsupported and untested glibc preview builds contain a fix for this issue:

  https://copr.fedorainfracloud.org/coprs/fweimer/glibc-rhel-7.4/
Comment 35 errata-xmlrpc 2017-08-01 18:06:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1916
Note You need to log in before you can comment on or make changes to this bug.