Debian Bug report logs -
#135182
libc6: gethostbyname2(inet6) trashes pointer when multiple addrs in /etc/hosts
Reported by: Ken Raeburn <raeburn@raeburn.org>
Date: Fri, 22 Feb 2002 13:03:01 UTC
Severity: normal
Found in version 2.2.5-3
Done: GOTO Masanori <gotom@debian.or.jp>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to
debian-bugs-dist@lists.debian.org, Ben Collins <bcollins@debian.org>, glibc@packages.qa.debian.org:
Bug#135182; Package
libc6.
Full text and
rfc822 format available.
Acknowledgement sent to
Ken Raeburn <raeburn@raeburn.org>:
New Bug report received and forwarded. Copy sent to
Ben Collins <bcollins@debian.org>, glibc@packages.qa.debian.org.
Full text and
rfc822 format available.
Message #5 received at submit@bugs.debian.org (full text, mbox):
Package: libc6
Version: 2.2.5-3
Severity: normal
I found this while looking into why "ping6" always crashed on my
laptop when I tried to ping one of my machines. The target machine in
question is listed in /etc/hosts with both ipv4 and ipv6 addresses,
two of each. My nsswitch.conf file includes:
hosts: files dns
so the hosts file is consulted first.
The ping6 program uses gethostbyname2 with an AF_INET6 argument. My
simple test program using that function and test /etc/hosts entry
shows similar problems:
% cat test2.c
#include <stdio.h>
#include <netdb.h>
int main (int argc, char *argv[]) {
int i, j;
struct hostent *hp = gethostbyname2 (argv[1], AF_INET6);
if (hp == 0) { printf ("host unknown\n"); return 1; }
for (i = 0; hp->h_addr_list[i]; i++) {
printf ("address @%p: ", hp->h_addr_list[i]), fflush (stdout);
for (j = 0; j < hp->h_length; j++)
printf (" %02x", 0xff & hp->h_addr_list[i][j]);
printf ("\n");
}
}
% grep foo.bar /etc/hosts
1234:5::abcd foo.bar
2345:6::abcd foo.bar
% ./test2 foo.bar
address @0xcdab0000: Segmentation fault (core dumped)
Exit 139
%
The first pointer in the h_addr_list array is bogus. From the value
of the pointer's bytes, and some experimentation, it appears that the
pointer is being overwritten with the low four bytes of the last IPv6
address listed. The other pointers are okay, and do point to the
correct 2nd through Nth addresses in file order.
The problem goes away if there's only one IPv6 address for the host in
the hosts file. Things also work fine if I delete the hosts file
entries altogether and fall back to DNS (but I'd rather not, since I
don't have PTR records).
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux rsx-11 2.4.16 #3 Wed Dec 12 23:39:39 MST 2001 i686
Locale: LANG=C, LC_CTYPE=C
Reply sent to
GOTO Masanori <gotom@debian.or.jp>:
You have taken responsibility.
Full text and
rfc822 format available.
Notification sent to
Ken Raeburn <raeburn@raeburn.org>:
Bug acknowledged by developer.
Full text and
rfc822 format available.
Message #10 received at 135182-done@bugs.debian.org (full text, mbox):
This bug has been fixed with glibc 2.3.2.ds1-13. I close this bug.
gotom@moog:~/debian/glibc/bugs/135182> grep foo.bar /etc/hosts
1234:5::abcd foo.bar
2345:6::abcd foo.bar
gotom@moog:~/debian/glibc/bugs/135182> ./test2 foo.bar
address @0x804a008: 12 34 00 05 00 00 00 00 00 00 00 00 00 00 ab cd
address @0x804a03c: 23 45 00 06 00 00 00 00 00 00 00 00 00 00 ab cd
Regards,
-- gotom
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Feb 9 19:35:39 2010;
Machine Name:
busoni.debian.org
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.