- Fix out of bounds memory access in resolver (#798471)
This commit is contained in:
Jeff Law
parent
f2aa906557
commit
296965fe20
31
glibc-rh798471.patch
Normal file
31
glibc-rh798471.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
|
||||||
|
|
||||||
|
2012-02-28 Jeff Law <law@redhat.com>
|
||||||
|
|
||||||
|
* resolv/res_query.c (__libc_res_nquerydomain): Avoid
|
||||||
|
out of bounds read.
|
||||||
|
|
||||||
|
diff --git a/resolv/res_query.c b/resolv/res_query.c
|
||||||
|
index 947c651..abccd4a 100644
|
||||||
|
--- a/resolv/res_query.c
|
||||||
|
+++ b/resolv/res_query.c
|
||||||
|
@@ -556,12 +556,16 @@ __libc_res_nquerydomain(res_state statp,
|
||||||
|
* copy without '.' if present.
|
||||||
|
*/
|
||||||
|
n = strlen(name);
|
||||||
|
- if (n >= MAXDNAME) {
|
||||||
|
+
|
||||||
|
+ /* Decrement N prior to checking it against MAXDNAME
|
||||||
|
+ so that we detect a wrap to SIZE_MAX and return
|
||||||
|
+ a reasonable error. */
|
||||||
|
+ n--;
|
||||||
|
+ if (n >= MAXDNAME - 1) {
|
||||||
|
RES_SET_H_ERRNO(statp, NO_RECOVERY);
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- n--;
|
||||||
|
- if (n >= 0 && name[n] == '.') {
|
||||||
|
+ if (name[n] == '.') {
|
||||||
|
strncpy(nbuf, name, n);
|
||||||
|
nbuf[n] = '\0';
|
||||||
|
} else
|
||||||
@ -28,7 +28,7 @@
|
|||||||
Summary: The GNU libc libraries
|
Summary: The GNU libc libraries
|
||||||
Name: glibc
|
Name: glibc
|
||||||
Version: %{glibcversion}
|
Version: %{glibcversion}
|
||||||
Release: 24%{?dist}
|
Release: 25%{?dist}
|
||||||
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
||||||
# Things that are linked directly into dynamically linked programs
|
# Things that are linked directly into dynamically linked programs
|
||||||
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
||||||
@ -106,6 +106,8 @@ Patch35 : %{name}-rh788989.patch
|
|||||||
Patch36 : %{name}-rh795498.patch
|
Patch36 : %{name}-rh795498.patch
|
||||||
# Posted upstream (bz 13705)
|
# Posted upstream (bz 13705)
|
||||||
Patch37 : %{name}-rh760935.patch
|
Patch37 : %{name}-rh760935.patch
|
||||||
|
# Approved upstream, waiting for privs to commit
|
||||||
|
Patch38 : %{name}-rh798471.patch
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -363,6 +365,7 @@ rm -rf %{glibcportsdir}
|
|||||||
%patch35 -p1
|
%patch35 -p1
|
||||||
%patch36 -p1
|
%patch36 -p1
|
||||||
%patch37 -p1
|
%patch37 -p1
|
||||||
|
%patch38 -p1
|
||||||
|
|
||||||
# A lot of programs still misuse memcpy when they have to use
|
# A lot of programs still misuse memcpy when they have to use
|
||||||
# memmove. The memcpy implementation below is not tolerant at
|
# memmove. The memcpy implementation below is not tolerant at
|
||||||
@ -1215,6 +1218,9 @@ rm -f *.filelist*
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 29 2012 Jeff Law <law@redhat.com> - 2.15-25
|
||||||
|
- Fix out of bounds memory access in resolver (#798471)
|
||||||
|
|
||||||
* Fri Feb 24 2012 Jeff Law <law@redhat.com> - 2.15-24
|
* Fri Feb 24 2012 Jeff Law <law@redhat.com> - 2.15-24
|
||||||
- Fix bogus underflow (#760935)
|
- Fix bogus underflow (#760935)
|
||||||
- Correctly handle dns request where large numbers of A and AAA records
|
- Correctly handle dns request where large numbers of A and AAA records
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user