1693293 – Perl inet_aton is not thread-safe

Bug 1693293 - Perl inet_aton is not thread-safe

Summary: Perl inet_aton is not thread-safe

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	perl-Socket
Sub Component:
Version:	7.6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Pisar
QA Contact:	Jakub Heger
Docs Contact:	Mariya Pershina
URL:
Whiteboard:
Depends On:
Blocks:	1716962
TreeView+	depends on / blocked

Reported:	2019-03-27 13:23 UTC by Paulo Andrade
Modified:	2020-07-27 07:54 UTC (History)
CC List:	5 users (show)
Fixed In Version:	perl-Socket-2.010-5.el7
Doc Type:	Bug Fix
Doc Text:	.`Socket::inet_aton()` can now be used from multiple threads safely Previously, the `Socket::inet_aton()` function, used for resolving a domain name from multiple Perl threads, called the unsafe `gethostbyname()` `glibc` function. Consequently, an incorrect IPv4 address was occasionally returned, or the Perl interpreter terminated unexpectedly. With this update, the `Socket::inet_aton()` implementation has been changed to use the thread-safe `getaddrinfo()` `glibc` function instead of `gethostbyname()`. As a result, the `inet_aton()` function from Perl `Socket` module can be used from multiple threads safely.
Clone Of:
Clones:	1699793 1860405 (view as bug list)
Environment:
Last Closed:	2020-03-31 19:09:42 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Proposed fix ported to 2.010 (1.77 KB, patch) 2019-04-15 09:35 UTC, Petr Pisar	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
CPAN	129189	0	None	None	None	2019-04-15 08:31:04 UTC
Red Hat Product Errata	RHBA-2020:0997	0	None	None	None	2020-03-31 19:09:44 UTC

Comment 2 Petr Pisar 2019-03-27 16:22:18 UTC

Thank you for the report. I confirm I can reproduce the issue.

The inet_aton() function is provided by Socket Perl module and it indeed calls gethostbyname() that is not thread-safe:

void
inet_aton(host)
    char *  host
    CODE:
    {
    struct in_addr ip_address;
    struct hostent * phe;

    if ((*host != '\0') && inet_aton(host, &ip_address)) {
        ST(0) = sv_2mortal(newSVpvn((char *)&ip_address, sizeof(ip_address)));
        XSRETURN(1);
    }

→   phe = gethostbyname(host);
    if (phe && phe->h_addrtype == AF_INET && phe->h_length == 4) {
        ST(0) = sv_2mortal(newSVpvn((char *)phe->h_addr, phe->h_length));
        XSRETURN(1);
    }

    XSRETURN_UNDEF;
    }

As a workaround I recommend using getaddrinfo() from the same Socket module instead. It's thread safe and supports IPv6. As replacement for IO:Socket::INET I recommend IO::Socket::IP instead.

Comment 4 Petr Pisar 2019-04-15 09:35:35 UTC

Created attachment 1555175 [details]
Proposed fix ported to 2.010

Comment 15 errata-xmlrpc 2020-03-31 19:09:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0997

Note You need to log in before you can comment on or make changes to this bug.