[erlang-questions] FW: [rabbitmq-users] glibc GHOST vulnerability and rabbitmq
Michael Santos
michael.santos@REDACTED
Wed Jan 28 16:38:53 CET 2015
On Wed, Jan 28, 2015 at 08:48:32AM -0600, Chris Nicel wrote:
> Hi All,
>
> I have a question about the GHOST vulnerability and erlangs use of the gethostbyname() function. We use RabbitMQ here and I am attempting to understand how vulnerable to attack we are on our Linux servers so I can weigh up the odds and give my superiors a good reason to upgrade and reboot the servers.
>
> RabbitMQ invokes the gethostbyname() function through it’s erlang library. How does the erlang library handle calls to gethostbyname? Does it sanitise the inputs or limit the length of the hostname prior to calling out?
>
> Cheers
>
> Chris
inet:gethostbyname/1 starts up a native port process that calls
gethostbyname(3) directly:
~~~ erts/etc/common/inet_gethost.c
case PROTO_IPV4: { /* switch (proto) { */
DEBUGF(5,("Starting gethostbyname(%s)",data));
he = gethostbyname((char*)data);
~~~
$ erl
1> X = string:copies("0", 16#10000-16*1-2*4-1-4).
2> inet:gethostbyname(X).
{error,nxdomain}
3> inet:gethostbyname(X).
*** glibc detected *** inet_gethost: free(): invalid next size (normal): 0x01f9bdb0 ***
inet_gethost[3018]: WARNING:Malformed reply (header) from worker process 3019.
> From: Michael Klishin [mailto:mklishin@REDACTED]
> Sent: 28 January 2015 13:28
> To: Chris Nicel
> Cc: rabbitmq-users@REDACTED
> Subject: Re: [rabbitmq-users] glibc GHOST vulnerability and rabbitmq
>
> On 28/1/2015, at 16:17, Chris Nicel <Chris.Nicel@REDACTED<mailto:Chris.Nicel@REDACTED>> wrote:
> Can you confirm if either of the following conditions are true related to erlang and rabbitmq:
>
>
> 1. The service's protocol involves it being given a hostname which needs resolving to an IP
> RabbitMQ server in a cluster performs hostname resolution. So does rabbitmqctl (in most cases).
>
>
> 2. The service doesn't sanitise or limit the length of the given hostname before calling getHostByName
> RabbitMQ does not do that, however, it also does not invoke gethostbyname(2) directly. Please ask on erlang-questions, since this is handled by the runtime.
>
> MK
>
> 15below Limited: Company registered in England and Wales No 3945289
> Registered Office: Lyndean House, 43-46 Queens Road, Brighton BN1 3XB, United Kingdom
>
> 15below Australia Pty Limited: ABN 25 132 716 379
> Level 21, Tower 2 Darling Park, 201 Sussex Street, Sydney, NSW 2000, Australia
>
> Please think about the environment before printing this email.
>
> ************************************************************************
> This email and any attachments may be confidential and/or legally privileged and are solely for the use of the intended recipient. If you have received this email in error please contact the sender. Any views or opinions expressed within this e-mail are solely those of the sender, and do not necessarily represent those of 15below unless otherwise specifically stated. Although 15below has taken every reasonable precaution to ensure that any attachment to this e-mail has been checked for viruses, it is strongly recommended that you carry out your own virus check before opening any attachment, as we cannot accept liability for any damage sustained as a result of software virus infection.
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
More information about the erlang-questions
mailing list