CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]
authorArjun Shankar <arjun.is@lostca.se>
Tue, 21 Apr 2015 12:06:31 +0000 (14:06 +0200)
committerMike Frysinger <vapier@gentoo.org>
Tue, 21 Jul 2015 03:23:53 +0000 (23:23 -0400)
(cherry picked from commit 2959eda9272a033863c271aff62095abd01bd4e3)
(cherry picked from commit 01b07c70ad77ef28b6a3661ed3142ebff35b6e69)

resolv/nss_dns/dns-host.c

index f715ab0b3fa7886afe9b9143d000d7f2ac0540b2..40069a73c63cbb3ef4e2ae052740da54ca967245 100644 (file)
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
   int have_to_map = 0;
   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
   buffer += pad;
-  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
+  buflen = buflen > pad ? buflen - pad : 0;
+  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
     {
       /* The buffer is too small.  */
     too_small:
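Review bot: The added `buflen = buflen > pad ? buflen - pad : 0;` line is the whole fix, yet it has no comment naming the invariant it restores. I would put `/* buflen must count only the bytes that remain after the alignment padding has been skipped.  */` directly above it, because the rest of getanswer_r (outside this hunk) presumably bounds its writes by buflen. Separately, `buffer += pad;` still runs before the size check, so when pad exceeds buflen the pointer has already been advanced past the end of the caller's buffer. Nothing visible in the hunk dereferences it on that path, but checking `buflen < pad` before the increment would avoid forming an out-of-range pointer at all. The too_small label's body lies outside the hunk, so confirm that it does not depend on the adjusted buffer value.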