]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3970079)
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
authorFlorian Weimer <fweimer@redhat.com>
Mon, 15 Dec 2014 16:41:13 +0000 (17:41 +0100)
committerAdhemerval Zanella <azanella@linux.vnet.ibm.com>
Fri, 16 Jan 2015 12:52:55 +0000 (07:52 -0500)
ChangeLog patch | blob | blame | history
NEWS patch | blob | blame | history
resolv/nss_dns/dns-network.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index fc394119c7584f6ceb759526a893dbab16e8e3b7..f66dfe32c64348fd0fef7df8806989e34c2e9127 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+       [BZ #17630]
+       * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+       names.
+
 2014-12-15  Jeff Law  <law@redhat.com>
 
        [BZ #16617]
diff --git a/NEWS b/NEWS
index 1f830252cf592c0fc2148be046572258cf703113..c96992473b19399b0fb0a1a5f3caffa23f488182 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,7 @@ Version 2.19.1
 * The following bugs are resolved with this release:
 
   16545, 16617, 16683, 16689, 16701, 16706, 16707, 16739, 16815, 16619,
-  16740, 17031, 17048, 17137, 17153, 17187, 17213, 17325.
+  16740, 17031, 17048, 17137, 17153, 17187, 17213, 17325, 17630.
 
 * Decoding a crafted input sequence in the character sets IBM933, IBM935,
   IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
@@ -41,6 +41,9 @@ Version 2.19.1
 
 * CVE-2012-3406 printf-style functions could run into a stack overflow when
   processing format strings with a large number of format specifiers.
+
+* The nss_dns implementation of getnetbyname could run into an infinite loop
+  if the DNS response contained a PTR record of an unexpected format.
 \f
 Version 2.19
 
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 8e80a6010e1f25d86c2bdd48c3378ade70150db8..60c94f38a4da67d6261a6adadf2f9b536338a335 100644 (file)
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
 
        case BYNAME:
          {
-           char **ap = result->n_aliases++;
-           while (*ap != NULL)
+           char **ap;
+           for (ap = result->n_aliases; *ap != NULL; ++ap)
              {
                /* Check each alias name for being of the forms:
                   4.3.2.1.in-addr.arpa         = net 1.2.3.4
A mirror of the official glibc repository