Fix reads for sizes larger than INT_MAX in AF_INET lookup - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Siddhesh Poyarekar <siddhesh@redhat.com>	2013-10-30 16:13:37 +0530
committer	Siddhesh Poyarekar <siddhesh@redhat.com>	2013-10-30 16:19:40 +0530
commit	977f4b31b7ca4a4e498c397f3fd70510694bbd86 (patch)
tree	4f53a0fdb7ea94f487d26f9df0b658e0b14ff64b /elf/reldep9mod3.c
parent	66925c47793852d1a8423cd25ab78d7dabdf5924 (diff)
download	glibc-977f4b31b7ca4a4e498c397f3fd70510694bbd86.tar.gz glibc-977f4b31b7ca4a4e498c397f3fd70510694bbd86.tar.xz glibc-977f4b31b7ca4a4e498c397f3fd70510694bbd86.zip

Fix reads for sizes larger than INT_MAX in AF_INET lookup

Currently for AF_INET lookups from the hosts file, buffer sizes larger
than INT_MAX silently overflow and may result in access beyond bounds
of a buffer.  This happens when the number of results in an AF_INET
lookup in /etc/hosts are very large.

There are two aspects to the problem.  One problem is that the size
computed from the buffer size is stored into an int, which results in
overflow for large sizes.  Additionally, even if this size was
expanded, the function used to read content into the buffer (fgets)
accepts only int sizes.  As a result, the fix is to have a function
wrap around fgets that calls it multiple times with int sizes if
necessary.

Diffstat (limited to 'elf/reldep9mod3.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: