author | Stan Shebs <stanshebs@google.com> | 2015-08-17 14:39:38 -0700 |
---|---|---|
committer | Stan Shebs <stanshebs@google.com> | 2015-08-17 14:39:38 -0700 |
commit | 4be23b848411e7d9f6dc8b15e677594f9ffa24f5 (patch) | |
tree | 2bf97afd902455d5659b0d37a1ff675384e56310 | |
parent | e52611a1106089b55f0de3a6c18d84109d804b73 (diff) | |
Backport fix for BZ 18287 (CVE-2015-1781)
-rw-r--r-- | README.google | 4 | ||||
-rw-r--r-- | resolv/nss_dns/dns-host.c | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/README.google b/README.google index cd604a37df..01359a0b9a 100644 --- a/README.google +++ b/README.google @@ -461,3 +461,7 @@ nptl/tst-tls77mod.c upstream commit https://sourceware.org/git/?p=glibc.git&a=commit&h=f8aeae347377f3dfa8cbadde057adf1827fb1d44 fixes this problem in a different way, so this patch is not needed upstream. + +resolv/nss_dns/dns-host.c + For b/21023324, backport buffer overflow in getanswer_r (PR18287, CVE-2015-1781) + https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386 diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index f8f192e5af..511bbe2d74 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -613,7 +613,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, int have_to_map = 0; uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); buffer += pad; - if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0)) + buflen = buflen > pad ? buflen - pad : 0; + if (__builtin_expect (buflen < sizeof (struct host_data), 0)) { /* The buffer is too small. */ too_small: |
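Review bot: The added `buflen = buflen > pad ? buflen - pad : 0;` in the resolv/nss_dns/dns-host.c hunk carries the whole fix but has no comment stating the invariant it restores: once `buffer += pad` has run, `buflen` must describe the space remaining behind the aligned pointer, not the size the caller passed in. I would put a comment directly above it, for example `/* buffer was advanced by pad; shrink buflen to match so every later size check sees the space that is really left.  Clamp at 0 rather than letting the subtraction wrap.  */`. The rest of getanswer_r lies outside the hunk, so which later computations read `buflen` cannot be confirmed from here; presumably they are the ones that could run up to `pad` bytes past the caller's buffer before this change. The declaration of `buflen` is not visible either, and the clamp only matters if it is unsigned (likely `size_t`, worth confirming). A regression test that hands the reentrant lookup a deliberately misaligned result buffer would keep the adjustment from being dropped in a later merge.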