1fbbeff0c1
Fixes CVE-2014-8121, CVE-2015-1781 and two unnumbered problems (apparently). All these commits should be contained in the 2.22 release, but we don't want that yet due to unresolved locale incompatibilites.
28 lines
1020 B
Diff
28 lines
1020 B
Diff
From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
|
|
From: Arjun Shankar <arjun.is@lostca.se>
|
|
Date: Tue, 21 Apr 2015 14:06:31 +0200
|
|
Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
|
|
[BZ#18287]
|
|
|
|
---
|
|
ChangeLog | 6 ++++++
|
|
NEWS | 9 ++++++++-
|
|
resolv/nss_dns/dns-host.c | 3 ++-
|
|
3 files changed, 16 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
|
|
index b16b0dd..d8c5579 100644
|
|
--- a/resolv/nss_dns/dns-host.c
|
|
+++ b/resolv/nss_dns/dns-host.c
|
|
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
|
|
int have_to_map = 0;
|
|
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
|
|
buffer += pad;
|
|
- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
|
|
+ buflen = buflen > pad ? buflen - pad : 0;
|
|
+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
|
|
{
|
|
/* The buffer is too small. */
|
|
too_small:
|
|
|