]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 955edb2)
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
authorFlorian Weimer <fweimer@redhat.com>
Mon, 15 Dec 2014 16:41:13 +0000 (17:41 +0100)
committerAdhemerval Zanella <azanella@linux.vnet.ibm.com>
Fri, 16 Jan 2015 12:10:42 +0000 (07:10 -0500)
ChangeLog patch | blob | blame | history
NEWS patch | blob | blame | history
resolv/nss_dns/dns-network.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index a89142a918631ecaf136847a236d3948e29e8251..ff8da287f225bb2d50c1d51ad0a5f2f0792e45ce 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+       [BZ #17630]
+       * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+       names.
+
 2014-12-15  Jeff Law  <law@redhat.com>
 
        [BZ #16617]
diff --git a/NEWS b/NEWS
index 42697f757170e87d24dac3dd23e14f268603f025..e4c424414ff5199ed6d3313cd86ddc429035a280 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,13 +11,16 @@ Version 2.18.1
 
   14143, 14155, 14547, 14699, 15532, 15427, 15522, 15680, 15723, 15734,
   15735, 15797, 15892, 15895, 15909, 15915, 15917, 15996, 16072, 16150,
-  16414, 16430, 16431, 16617, 17048, 17137, 17187, 17325.
+  16414, 16430, 16431, 16617, 17048, 17137, 17187, 17325, 17630.
 
 * Support for powerpc64le has been added.
 
 * CVE-2012-3406 printf-style functions could run into a stack overflow when
   processing format strings with a large number of format specifiers.
 
+* The nss_dns implementation of getnetbyname could run into an infinite loop
+  if the DNS response contained a PTR record of an unexpected format.
+
 * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
   copy the path argument.  This allowed programs to cause posix_spawn to
   deference a dangling pointer, or use an unexpected pathname argument if
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 3c4db7eec3130ebed5c88652794052dc6e7bee07..7507f8c46749353c07924a1e9806f46e6a3edfde 100644 (file)
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
 
        case BYNAME:
          {
-           char **ap = result->n_aliases++;
-           while (*ap != NULL)
+           char **ap;
+           for (ap = result->n_aliases; *ap != NULL; ++ap)
              {
                /* Check each alias name for being of the forms:
                   4.3.2.1.in-addr.arpa         = net 1.2.3.4
A mirror of the official glibc repository