From d89b3d80f92035acda41010b8d68b32bc471b846 Mon Sep 17 00:00:00 2001
From: Ondřej Bílka <neleai@seznam.cz>
Date: Thu, 5 Jun 2014 19:21:32 +0200
Subject: Fix memory overrun in getifaddrs_internal. Fixes bug 15698.

---
 ChangeLog                         |  6 ++++++
 NEWS                              | 22 +++++++++++-----------
 sysdeps/unix/sysv/linux/ifaddrs.c |  4 ++--
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b8da362b08..17f0c8325c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-06-05  Ondřej Bílka  <neleai@seznam.cz>
+
+	[BZ #15698]
+	* sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs_internal): Fix
+	memory overrun.
+
 2014-06-05  Joseph Myers  <joseph@codesourcery.com>
 
 	* Rules (make-test-out): Include
diff --git a/NEWS b/NEWS
index 0c8f40d11e..622cdbf21d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,17 +9,17 @@ Version 2.20
 
 * The following bugs are resolved with this release:
 
-  6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514,
-  15804, 15894, 15946, 16002, 16064, 16095, 16198, 16284, 16348, 16349,
-  16357, 16362, 16447, 16516, 16532, 16545, 16564, 16574, 16599, 16600,
-  16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639,
-  16642, 16648, 16649, 16670, 16674, 16677, 16680, 16683, 16689, 16695,
-  16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740,
-  16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796,
-  16799, 16800, 16815, 16823, 16824, 16831, 16838, 16849, 16854, 16876,
-  16877, 16878, 16882, 16885, 16888, 16890, 16912, 16915, 16916, 16917,
-  16922, 16927, 16928, 16932, 16943, 16958, 16966, 16967, 16965, 16977,
-  16978, 16984, 16990, 17009.
+  6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347,
+  15514, 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16198, 16284,
+  16348, 16349, 16357, 16362, 16447, 16516, 16532, 16545, 16564, 16574,
+  16599, 16600, 16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632,
+  16634, 16639, 16642, 16648, 16649, 16670, 16674, 16677, 16680, 16683,
+  16689, 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731,
+  16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789,
+  16791, 16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16849,
+  16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16912, 16915,
+  16916, 16917, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966,
+  16967, 16977, 16978, 16984, 16990, 17009.
 
 * The minimum Linux kernel version that this version of the GNU C Library
   can be used with is 2.6.32.
diff --git a/sysdeps/unix/sysv/linux/ifaddrs.c b/sysdeps/unix/sysv/linux/ifaddrs.c
index d83e8f8e84..6deb09445b 100644
--- a/sysdeps/unix/sysv/linux/ifaddrs.c
+++ b/sysdeps/unix/sysv/linux/ifaddrs.c
@@ -780,10 +780,10 @@ getifaddrs_internal (struct ifaddrs **ifap)
 		      else
 			preflen = ifam->ifa_prefixlen;
 
-		      for (i = 0; i < (preflen / 8); i++)
+		      for (i = 0; i < ((preflen - 1) / 8); i++)
 			*cp++ = 0xff;
 		      c = 0xff;
-		      c <<= (8 - (preflen % 8));
+		      c <<= ((128 - preflen) % 8);
 		      *cp = c;
 		    }
 		}
-- 
cgit 1.4.1