This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch release/2.23/master updated. glibc-2.23-32-g4c4b3cb


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.23/master has been updated
       via  4c4b3cbb4638ec19de19c167d498e30fd67501ab (commit)
      from  2d1f6790183dabf54c5b05be97d3872dab720c83 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4c4b3cbb4638ec19de19c167d498e30fd67501ab

commit 4c4b3cbb4638ec19de19c167d498e30fd67501ab
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 2 16:04:32 2016 +0200

    hesiod: Avoid heap overflow in get_txt_records [BZ #20031]
    
    (cherry picked from commit 8a03ccbb77f52ec4b55062eeedddb8daec1a33e4)

diff --git a/ChangeLog b/ChangeLog
index 00c9c1e..1c76a4b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2016-05-02  Florian Weimer  <fweimer@redhat.com>
 
+	[BZ #20031]
+	* hesiod/hesiod.c (get_txt_records): Return error if TXT record is
+	completely empty.
+
+2016-05-02  Florian Weimer  <fweimer@redhat.com>
+
 	[BZ #19573]
 	* hesiod/Makefile (libnss_hesiod-routines): Remove hesiod-init.
 	* hesiod/nss_hesiod/hesiod-init.c: Remove file.
diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c
index 5b13b3f..98ddee3 100644
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -411,7 +411,7 @@ get_txt_records(struct hesiod_p *ctx, int class, const char *name) {
 		cp += INT16SZ + INT32SZ;	/* skip the ttl, too */
 		rr.dlen = ns_get16(cp);
 		cp += INT16SZ;
-		if (cp + rr.dlen > eom) {
+		if (rr.dlen == 0 || cp + rr.dlen > eom) {
 			__set_errno(EMSGSIZE);
 			goto cleanup;
 		}
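Review bot: The added `rr.dlen == 0` test on the bounds-check line has no comment saying why a zero-length record has to be rejected, and it reports the case through the same `EMSGSIZE` path as a record that runs past `eom`. The commit subject says this avoids a heap overflow, but nothing in the hunk shows which later code depends on `rr.dlen` being nonzero, so a one-line comment above the `if` naming that dependency would keep the check from being removed as redundant later. Separately, the unchanged half of the condition, `cp + rr.dlen > eom`, forms the pointer before comparing it; assuming `cp <= eom` holds at this point, writing it as `rr.dlen > eom - cp` expresses the same bound without computing a pointer beyond the end of the buffer.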

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |    6 ++++++
 hesiod/hesiod.c |    2 +-
 2 files changed, 7 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

