Bug#472269: libc6: res_query makes assumptions about the alignment of the answer argument

2022-03-22 Thread John David Anglin
Package: libc6
Followup-For: Bug #472269

Dear Maintainer,

I believe this bug is fixed upstream by the following commit:

commit 05dec22d7be722987ff07aebf9690f6078b3c4e9 (HEAD -> master, origin/master,
origin/HEAD)
Author: John David Anglin 
Date:   Tue Mar 22 17:35:54 2022 +

resolv: Fix unaligned accesses to fields in HEADER struct

The structure HEADER is normally aligned to a word boundary but
sometimes it needs to be accessed when aligned on a byte boundary.
This change defines a new typedef, UHEADER, with alignment 1.
It is used to ensure the fields are accessed with byte loads and
stores when necessary.

V4: Change to res_mkquery.c deleted.  Small whitespace fix.

V5: Move UHEADER typedef to resolv/resolv-internal.h.  Replace all
HEADER usage with UHEADER in resolv/res_send.c.

Signed-off-by: John David Anglin 
Reviewed-by: Adhemerval Zanella  

This bug is fixed in Debian 2.33 by the patch
any/submitted-resolv-unaligned.diff.  It turns out the following
hunk can be removed:

diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index 5bc5b41531..9b82c82157 100644
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -193,6 +193,15 @@ context_mkquery_common (struct resolv_context *ctx,
   return result;
 }
 
+/* The structure HEADER is normally aligned to a word boundary and its
+   fields are accessed using word loads and stores.  We need to access
+   this structure when it is aligned on a byte boundary.  This can cause
+   problems on machines with strict alignment.  So, we create a new
+   typedef to reduce its alignment to one.  This ensures the fields are
+   accessed with byte loads and stores.  */
+typedef HEADER __attribute__ ((__aligned__(1))) UHEADER;
+#define HEADER UHEADER
+
 /* Form all types of queries.  Returns the size of the result or -1 on
error.
 
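Review bot: The "#define HEADER UHEADER" line at the end of the added block rewrites every later use of HEADER in res_mkquery.c, including accesses to buffers that are already word-aligned, and a reader of those later lines cannot see that byte accesses are in effect. Consider dropping the macro and naming UHEADER explicitly at the sites that may receive a byte-aligned buffer, with the typedef kept in one shared internal header rather than repeated per file (the V5 note in the commit message moves it to resolv/resolv-internal.h). The comment could also say that reducing alignment with __aligned__(1) on a typedef is a GCC extension, since the byte-access guarantee rests on it.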
Regards,
Dave Anglin

-- System Information:
Debian Release: bookworm/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: hppa (parisc64)

Kernel: Linux 5.16.16+ (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libc6 depends on:
ii  libgcc-s4  12-20220319-1

Versions of packages libc6 recommends:
ii  libidn2-0  2.3.2-2

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.79
ii  glibc-doc  2.33-7
ii  libc-l10n  2.33-7
ii  libnss-nis 3.1-4
ii  libnss-nisplus 1.3-4
ii  locales  2.33-7

-- debconf information excluded
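
An added illustration of the alignment-1 typedef technique the commit message describes, next to a portable memcpy alternative. This is not code from glibc or from either message in this thread: struct dns_hdr, udns_hdr and the function names are hypothetical stand-ins, and the sample header bytes are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the 12-byte DNS message header; this is not
   glibc's HEADER definition.  All fields are big-endian on the wire.  */
struct dns_hdr { uint16_t id, flags, qdcount, ancount, nscount, arcount; };

/* Same technique as the commit's UHEADER: a typedef whose alignment is
   reduced to 1, so the compiler may not assume word alignment.  */
typedef struct dns_hdr __attribute__ ((__aligned__ (1))) udns_hdr;

/* Constructed sample: a response header (ID 0x1234, 1 question, 3 answers)
   stored at offset 1 of an 8-byte-aligned buffer, so it is misaligned.  */
static union { uint64_t force_align; unsigned char b[16]; } store;

const unsigned char *sample_unaligned (void)
{
  static const unsigned char wire[12] =
    { 0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x03, 0, 0, 0, 0 };
  memcpy (store.b + 1, wire, sizeof wire);
  return store.b + 1;
}

/* Nonzero if P does not satisfy the natural alignment of struct dns_hdr.  */
int is_misaligned (const void *p) { return (uintptr_t) p % _Alignof (struct dns_hdr) != 0; }

/* Read ANCOUNT through the alignment-1 typedef (GCC/Clang extension).  */
unsigned ancount_typedef (const unsigned char *msg)
{
  const udns_hdr *h = (const udns_hdr *) msg;
  return ntohs (h->ancount);
}

/* Portable alternative: copy the bytes into an aligned local object.  */
unsigned ancount_memcpy (const unsigned char *msg)
{
  struct dns_hdr h;
  memcpy (&h, msg, sizeof h);
  return ntohs (h.ancount);
}

int main (void)
{
  const unsigned char *msg = sample_unaligned ();
  printf ("misaligned=%d typedef=%u memcpy=%u\n", is_misaligned (msg), ancount_typedef (msg), ancount_memcpy (msg));
  return 0;
}
```

Casting msg to a plain struct dns_hdr pointer instead would let the compiler emit halfword loads, which is the access pattern that raises SIGBUS on strict-alignment machines such as sparc and hppa.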



Bug#472269: libc6: res_query makes assumptions about the alignment of the answer argument

2008-03-22 Thread Sjoerd Simons
Package: libc6
Version: 2.7-9
Severity: normal

Hi,

  libc6 assumes the answer argument to the res_query function which is of
  type unsigned char * is aligned in such a way it can be cast to HEADER.

  Thus the following apparently correct code causes a SIGBUS on sparc:
 #include <stdio.h>

 #include <arpa/nameser.h>
 #include <resolv.h>

 int
 main (int argc, char ** argv) {
   /* Odd-sized array ahead of answer, so answer need not be word-aligned. */
   unsigned char padding[3];
   unsigned char answer[1024];

   res_query ("_xmpp-client._tcp.gmail.com", C_IN, T_SRV,
              answer, sizeof(answer));
   return 0;
 }

  Which is obviously quite nasty.

  Sjoerd

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=nl_NL (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1   1:4.3.0-1  GCC support library

libc6 recommends no packages.

-- debconf information:
  glibc/upgrade: true
  glibc/restart-failed:
  glibc/restart-services:


