about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--resolv/res_query.c10
2 files changed, 12 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 069bbc3e0f..5501ffb4c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-02-29  Jeff Law  <law@redhat.com>
+
+	* resolv/res_query.c (__libc_res_nquerydomain): Avoid
+	out of bounds read.
+
 2012-02-29  Marek Polacek  <polacek@redhat.com>
 
 	[BZ #13706]
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 947c6513a2..abccd4a921 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -556,12 +556,16 @@ __libc_res_nquerydomain(res_state statp,
 		 * copy without '.' if present.
 		 */
 		n = strlen(name);
-		if (n >= MAXDNAME) {
+
+		/* Decrement N prior to checking it against MAXDNAME
+		   so that we detect a wrap to SIZE_MAX and return
+		   a reasonable error.  */
+		n--;
+		if (n >= MAXDNAME - 1) {
 			RES_SET_H_ERRNO(statp, NO_RECOVERY);
 			return (-1);
 		}
-		n--;
-		if (n >= 0 && name[n] == '.') {
+		if (name[n] == '.') {
 			strncpy(nbuf, name, n);
 			nbuf[n] = '\0';
 		} else
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-10 10:56:35 +0000