diff options
| author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2013-10-30 16:13:37 +0530 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@redhat.com> | 2013-10-30 16:19:40 +0530 |
| commit | 977f4b31b7ca4a4e498c397f3fd70510694bbd86 (patch) | |
| tree | 4f53a0fdb7ea94f487d26f9df0b658e0b14ff64b /NEWS | |
| parent | 66925c47793852d1a8423cd25ab78d7dabdf5924 (diff) | |
| download | glibc-977f4b31b7ca4a4e498c397f3fd70510694bbd86.tar.gz glibc-977f4b31b7ca4a4e498c397f3fd70510694bbd86.tar.xz glibc-977f4b31b7ca4a4e498c397f3fd70510694bbd86.zip | |
Fix reads for sizes larger than INT_MAX in AF_INET lookup
Currently for AF_INET lookups from the hosts file, buffer sizes larger than INT_MAX silently overflow and may result in access beyond bounds of a buffer. This happens when the number of results in an AF_INET lookup in /etc/hosts are very large. There are two aspects to the problem. One problem is that the size computed from the buffer size is stored into an int, which results in overflow for large sizes. Additionally, even if this size was expanded, the function used to read content into the buffer (fgets) accepts only int sizes. As a result, the fix is to have a function wrap around fgets that calls it multiple times with int sizes if necessary.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/NEWS b/NEWS index fa24d9bfa0..87d183afb2 100644 --- a/NEWS +++ b/NEWS @@ -16,7 +16,7 @@ Version 2.19 15760, 15764, 15797, 15825, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963, 15966, 15988, 16032, - 16034, 16036, 16041, 16072, 16074, 16078. + 16034, 16036, 16041, 16071, 16072, 16074, 16078. * CVE-2012-4412 The strcoll implementation caches indices and rules for large collation sequences to optimize multiple passes. This cache |