This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch, master, updated. glibc-2.15-261-g8fdceb2
- From: carlos at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 29 Feb 2012 17:16:02 -0000
- Subject: GNU C Library master sources branch, master, updated. glibc-2.15-261-g8fdceb2
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 8fdceb2efda8cf724cfc4444af86b5f135ad3172 (commit)
from 1f393a11f65dcaa1952bdcaf0317a65a5f8aff9d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8fdceb2efda8cf724cfc4444af86b5f135ad3172
commit 8fdceb2efda8cf724cfc4444af86b5f135ad3172
Author: Jeff Law <law@redhat.com>
Date: Wed Feb 29 11:51:27 2012 -0500
[network] Avoid out ouf bounds read in __libc_res_nquerydomain
2012-02-28 Jeff Law <law@redhat.com>
* resolv/res_query.c (__libc_res_nquerydomain): Avoid
out of bounds read.
diff --git a/ChangeLog b/ChangeLog
index 069bbc3..5501ffb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-02-29 Jeff Law <law@redhat.com>
+
+ * resolv/res_query.c (__libc_res_nquerydomain): Avoid
+ out of bounds read.
+
2012-02-29 Marek Polacek <polacek@redhat.com>
[BZ #13706]
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 947c651..abccd4a 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -556,12 +556,16 @@ __libc_res_nquerydomain(res_state statp,
* copy without '.' if present.
*/
n = strlen(name);
- if (n >= MAXDNAME) {
+
+ /* Decrement N prior to checking it against MAXDNAME
+ so that we detect a wrap to SIZE_MAX and return
+ a reasonable error. */
+ n--;
+ if (n >= MAXDNAME - 1) {
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return (-1);
}
- n--;
- if (n >= 0 && name[n] == '.') {
+ if (name[n] == '.') {
strncpy(nbuf, name, n);
nbuf[n] = '\0';
} else
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 5 +++++
resolv/res_query.c | 10 +++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
hooks/post-receive
--
GNU C Library master sources