Bug 21934 - glibc 2.2-5 has broken getnameinfo
Summary: glibc 2.2-5 has broken getnameinfo
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: glibc   
(Show other bugs)
Version: 7.0
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-12-08 05:35 UTC by Philip Spencer
Modified: 2016-11-24 15:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-08 23:10:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Philip Spencer 2000-12-08 05:35:10 UTC
The new glibc-2.2-5 has a broken getnameinfo function. Specifically, the sense of the NI_NOFQDN flag is reversed.





Calling getnameinfo(sa, salen, host, hostlen, serv, servlen, 0)





    returns ONLY THE INITIAL SEGMENT OF THE HOST NAME, whereas





 getnameinfo(sa, salen, host, hostlen, serv, servlen, NI_NOFQDN)





returns the fully qualified domain name. This is the reverse of the


proper behaviour (a flag of 0 should return the FQDN, and a flag of NI_NOFQDN should return only the host portion).





I have classed this as a security bug since it breaks a lot of security-sensitive software (such as openssh with RSARhosts authentication). I cannot think of any way to exploit it, but anything that messes with hostname lookup in this manner is inherently dangerous.

Comment 1 Jakub Jelinek 2000-12-19 09:35:18 UTC
Fixed in glibc-2.2-9.


Note You need to log in before you can comment on or make changes to this bug.