From b9bdfa7c8fa22c944bb5f21a673dfd1f91b71c56 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 27 Apr 2016 14:26:47 +0200
Subject: resolv: Always set *resplen2 out parameter in send_vc [BZ #19825]

In various error scenarios (for example, if the server closes the
TCP connection before sending the full response), send_vc can return
without resetting the *resplen2 value.  This can pass uninitialized
or unexpected data to the caller.
---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 2a4ad3125a..954c95f9a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2016-04-27  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #19825]
+	* resolv/res_send.c (send_vc): Remove early *resplen2
+	initialization.  Set *resplen2 on socket error.  Call
+	close_and_return_error for other errors.
+
 2016-04-27  Stefan Liebler  <stli@linux.vnet.ibm.com>
 
 	* sysdeps/unix/sysv/linux/netiucv/iucv.h
-- 
cgit 1.4.1