This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch, master, updated. glibc-2.15-261-g8fdceb2

From: carlos at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 29 Feb 2012 17:16:02 -0000
Subject: GNU C Library master sources branch, master, updated. glibc-2.15-261-g8fdceb2

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  8fdceb2efda8cf724cfc4444af86b5f135ad3172 (commit)
      from  1f393a11f65dcaa1952bdcaf0317a65a5f8aff9d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8fdceb2efda8cf724cfc4444af86b5f135ad3172

commit 8fdceb2efda8cf724cfc4444af86b5f135ad3172
Author: Jeff Law <law@redhat.com>
Date:   Wed Feb 29 11:51:27 2012 -0500

    [network] Avoid out ouf bounds read in __libc_res_nquerydomain
    
    2012-02-28  Jeff Law  <law@redhat.com>
    
    	* resolv/res_query.c (__libc_res_nquerydomain): Avoid
    	out of bounds read.

diff --git a/ChangeLog b/ChangeLog
index 069bbc3..5501ffb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-02-29  Jeff Law  <law@redhat.com>
+
+	* resolv/res_query.c (__libc_res_nquerydomain): Avoid
+	out of bounds read.
+
 2012-02-29  Marek Polacek  <polacek@redhat.com>
 
 	[BZ #13706]
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 947c651..abccd4a 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -556,12 +556,16 @@ __libc_res_nquerydomain(res_state statp,
 		 * copy without '.' if present.
 		 */
 		n = strlen(name);
-		if (n >= MAXDNAME) {
+
+		/* Decrement N prior to checking it against MAXDNAME
+		   so that we detect a wrap to SIZE_MAX and return
+		   a reasonable error.  */
+		n--;
+		if (n >= MAXDNAME - 1) {
 			RES_SET_H_ERRNO(statp, NO_RECOVERY);
 			return (-1);
 		}
-		n--;
-		if (n >= 0 && name[n] == '.') {
+		if (name[n] == '.') {
 			strncpy(nbuf, name, n);
 			nbuf[n] = '\0';
 		} else

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |    5 +++++
 resolv/res_query.c |   10 +++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]