This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH COMMITTED] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]

From: Florian Weimer <fweimer at redhat dot com>
To: "H.J. Lu" <hjl dot tools at gmail dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 14 Jun 2017 08:27:13 +0200
Subject: Re: [PATCH COMMITTED] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 75E7A883A6
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 75E7A883A6
References: <20161231195052.D746842A2EADF@oldenburg.str.redhat.com> <CAMe9rOpH1gbme3Uf9DDf1CBHP5yhBX-cBbi7bY7ABDF8n7aNmQ@mail.gmail.com>

On 06/13/2017 11:30 PM, H.J. Lu wrote:
> On Sat, Dec 31, 2016 at 11:50 AM, Florian Weimer <fweimer@redhat.com> wrote:
>> Also rename T_UNSPEC because an upcoming public header file
>> update will use that name.
>>
>> 2016-12-31  Florian Weimer  <fweimer@redhat.com>
>>
>>         [BZ #18784]
>>         CVE-2015-5180
>>         * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from
>>         T_UNSPEC.  Adjust value.
>>         * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it.
>>         * resolv/res_query.c (__libc_res_nquery): Likewise.
>>         * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range
>>         QTYPEs.
>>         * resolv/tst-resolv-qtypes.c: New file.
>>         * resolv/Makefile (xtests): Add tst-resolv-qtypes.
>>         (tst-resolv-qtypes): Link against libresolv and libpthread.
>>
> 
> This patch was backported to 2.24 branch, which doesn't have
> support/check.h.  I got
> 
> tst-resolv-qtypes.c:21:27: fatal error: support/check.h: No such file
> or directory
>  #include <support/check.h>
>                            ^
> compilation terminated.

Oops.  It's an xtest, so it is not immediately visible.

Arjun has backported the support/ directory since then, so this is
already fixed on the branch.

Thanks,
Florian

References:
- Re: [PATCH COMMITTED] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]
  - From: H.J. Lu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]