about summary refs log tree commit diff
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2014-12-15 17:41:13 +0100
committerFlorian Weimer <fweimer@redhat.com>2014-12-16 10:08:29 +0100
commit11e3417af6e354f1942c68a271ae51e892b2814d (patch)
treecd58a98bda7c6d4d9fba3ac559a2c757a3fae063
parentae61fc7b33d9d99d2763c16de8275227dc9748ba (diff)
downloadglibc-11e3417af6e354f1942c68a271ae51e892b2814d.tar.gz
glibc-11e3417af6e354f1942c68a271ae51e892b2814d.tar.xz
glibc-11e3417af6e354f1942c68a271ae51e892b2814d.zip
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
-rw-r--r--ChangeLog6
-rw-r--r--NEWS7
-rw-r--r--resolv/nss_dns/dns-network.c4
3 files changed, 13 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index a0a11e8a62..ee147e297f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #17630]
+	* resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+	names.
+
 2014-12-16  Allan McRae  <allan@archlinux.org>
 
 	* stdio-common/Makefile (tests): Re-add bug26.
diff --git a/NEWS b/NEWS
index 3556ecda2b..11121cacb0 100644
--- a/NEWS
+++ b/NEWS
@@ -13,8 +13,8 @@ Version 2.21
   15884, 16469, 16617, 16619, 16657, 16740, 16857, 17192, 17266, 17344,
   17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508,
   17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583,
-  17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17633, 17634,
-  17647, 17653, 17657, 17664, 17665, 17668, 17682.
+  17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633,
+  17634, 17647, 17653, 17657, 17664, 17665, 17668, 17682.
 
 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
   under certain input conditions resulting in the execution of a shell for
@@ -25,6 +25,9 @@ Version 2.21
 * CVE-2012-3406 printf-style functions could run into a stack overflow when
   processing format strings with a large number of format specifiers.
 
+* The nss_dns implementation of getnetbyname could run into an infinite loop
+  if the DNS response contained a PTR record of an unexpected format.
+
 * The minimum GCC version that can be used to build this version of the GNU
   C Library is GCC 4.6.  Older GCC versions, and non-GNU compilers, can
   still be used to compile programs using the GNU C Library.
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 0a77c8bc48..08cf0a6462 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
 
 	case BYNAME:
 	  {
-	    char **ap = result->n_aliases++;
-	    while (*ap != NULL)
+	    char **ap;
+	    for (ap = result->n_aliases; *ap != NULL; ++ap)
 	      {
 		/* Check each alias name for being of the forms:
 		   4.3.2.1.in-addr.arpa		= net 1.2.3.4