mirrors/musl
1
0
Fork 0
mirror of https://git.musl-libc.org/git/musl synced 2025-01-21 21:52:04 +03:00
Code Issues Packages Projects Releases Wiki Activity
4,806 Commits 2 Branches 77 Tags 7.4 MiB
C 94.4%
Assembly 4.8%
Awk 0.4%
Makefile 0.3%
Shell 0.1%
12590c8bbd
Go to file
Alexey Izbyshev 12590c8bbd fix out-of-bounds reads in __dns_parse 
There are several issues with range checks in this function:

* The question section parsing loop can read up to two out-of-bounds
  bytes before doing the range check and bailing out.

* The answer section parsing loop, in addition to the same issue as
  above, uses the wrong length in the range check that doesn't prevent
  OOB reads when computing len later.

* The len range check before calling the callback is off by 10. Also,
  p+len can overflow in a (probably theoretical) case when p is within
  2^16 from UINTPTR_MAX.

Because __dns_parse is used only with stack-allocated buffers, such
small overreads can't result in a segfault. The first two also don't
affect the function result, but the last one may result in getaddrinfo
incorrectly succeeding and returning up to 10 bytes past the
response buffer as a part of the IP address, and in (canon) name
returned by getaddrinfo/getnameinfo being affected by memory past the
response buffer (because dn_expand might interpret it as a pointer).
2023-02-27 10:01:29 -05:00
arch fix wrong sigaction syscall ABI on mips*, or1k, microblaze, riscv64 2023-02-09 12:33:35 -05:00
compat/time32 remove LFS64 symbol aliases; replace with dynamic linker remapping 2022-10-19 14:01:31 -04:00
crt remove unnecessary and problematic _Noreturn from crt/ldso startup 2019-06-25 19:05:40 -04:00
dist add another example option to dist/config.mak 2012-04-24 16:49:11 -04:00
include fix incorrect unit for CPU_SETSIZE macro 2023-02-23 10:10:44 -05:00
ldso fix debugger tracking of shared libraries on mips with PIE main program 2023-01-18 10:32:14 -05:00
src fix out-of-bounds reads in __dns_parse 2023-02-27 10:01:29 -05:00
tools fix incorrect escaping in add-cfi.*.awk scripts 2020-01-20 15:57:29 -05:00
.gitignore remove obsolete gitignore rules 2016-07-06 00:21:25 -04:00
.mailmap update contributor name 2019-12-07 12:21:35 -05:00
configure configure: disable TBAA optimization because most compilers are buggy 2022-10-19 14:01:31 -04:00
COPYRIGHT add optimized aarch64 memcpy and memset 2020-06-26 17:49:51 -04:00
dynamic.list fix regression in access to optopt object 2018-11-19 13:20:41 -05:00
INSTALL fix typo in INSTALL 2020-11-29 00:46:38 -05:00
Makefile make mallocng the default malloc implementation 2020-06-30 15:38:27 -04:00
README update version reference in the README file 2014-06-25 14:16:53 -04:00
VERSION release 1.2.3 2022-04-07 13:12:40 -04:00
WHATSNEW release 1.2.3 2022-04-07 13:12:40 -04:00

README 

    musl libc

musl, pronounced like the word "mussel", is an MIT-licensed
implementation of the standard C library targetting the Linux syscall
API, suitable for use in a wide range of deployment environments. musl
offers efficient static and dynamic linking support, lightweight code
and low runtime overhead, strong fail-safe guarantees under correct
usage, and correctness in the sense of standards conformance and
safety. musl is built on the principle that these goals are best
achieved through simple code that is easy to understand and maintain.

The 1.1 release series for musl features coverage for all interfaces
defined in ISO C99 and POSIX 2008 base, along with a number of
non-standardized interfaces for compatibility with Linux, BSD, and
glibc functionality.

For basic installation instructions, see the included INSTALL file.
Information on full musl-targeted compiler toolchains, system
bootstrapping, and Linux distributions built on musl can be found on
the project website:

    http://www.musl-libc.org/