about summary refs log tree commit diff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2009-07-16 23:37:50 -0700
committerUlrich Drepper <drepper@redhat.com>2009-07-16 23:37:50 -0700
commit1c0ab5bd34159d2ae53390571113844ebadc161b (patch)
treeaa81b93cc43a1d56be12f2f9da9f508118a33943
parent137028b4d7e50f71906c1656c27079eac5a1d085 (diff)
downloadglibc-1c0ab5bd34159d2ae53390571113844ebadc161b.tar.gz
glibc-1c0ab5bd34159d2ae53390571113844ebadc161b.tar.xz
glibc-1c0ab5bd34159d2ae53390571113844ebadc161b.zip
Handle overly large answer buffers in resolver.
In EDNS0 records the maximum result size is transmitted in a 16
bit value.  Large buffer sizes were handled incorrectly by using
only the low 16 bits.  Fix this by limiting the size to 0xffff.
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--resolv/res_mkquery.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 37f20a4b8b..7dab061790 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-07-16  Ulrich Drepper  <drepper@redhat.com>
+
+	[BZ #10360]
+	* resolv/res-mkquery.c (__res_nopt): If anslen is > 0xffff store
+	0xffff in the EDNS0 record.
+
 2009-07-16  Petr Baudis  <pasky@suse.cz>
 
 	* nscd/mem.c (mempool_alloc): Fix unlock missing in the else branch.
diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index ae0cdb417e..2dda4c0f45 100644
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -244,7 +244,7 @@ __res_nopt(res_state statp,
 	*cp++ = 0;	/* "." */
 
 	NS_PUT16(T_OPT, cp);	/* TYPE */
-	NS_PUT16(anslen & 0xffff, cp);	/* CLASS = UDP payload size */
+	NS_PUT16(MIN(anslen, 0xffff), cp);	/* CLASS = UDP payload size */
 	*cp++ = NOERROR;	/* extended RCODE */
 	*cp++ = 0;		/* EDNS version */
 	/* XXX Once we support DNSSEC we change the flag value here.  */
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-27 15:19:28 +0000