This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.20-359-g11e3417
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 16 Dec 2014 09:09:33 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.20-359-g11e3417
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 11e3417af6e354f1942c68a271ae51e892b2814d (commit)
from ae61fc7b33d9d99d2763c16de8275227dc9748ba (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=11e3417af6e354f1942c68a271ae51e892b2814d
commit 11e3417af6e354f1942c68a271ae51e892b2814d
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Dec 15 17:41:13 2014 +0100
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
diff --git a/ChangeLog b/ChangeLog
index a0a11e8..ee147e2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17630]
+ * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+ names.
+
2014-12-16 Allan McRae <allan@archlinux.org>
* stdio-common/Makefile (tests): Re-add bug26.
diff --git a/NEWS b/NEWS
index 3556ecd..11121ca 100644
--- a/NEWS
+++ b/NEWS
@@ -13,8 +13,8 @@ Version 2.21
15884, 16469, 16617, 16619, 16657, 16740, 16857, 17192, 17266, 17344,
17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508,
17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583,
- 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17633, 17634,
- 17647, 17653, 17657, 17664, 17665, 17668, 17682.
+ 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633,
+ 17634, 17647, 17653, 17657, 17664, 17665, 17668, 17682.
* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
under certain input conditions resulting in the execution of a shell for
@@ -25,6 +25,9 @@ Version 2.21
* CVE-2012-3406 printf-style functions could run into a stack overflow when
processing format strings with a large number of format specifiers.
+* The nss_dns implementation of getnetbyname could run into an infinite loop
+ if the DNS response contained a PTR record of an unexpected format.
+
* The minimum GCC version that can be used to build this version of the GNU
C Library is GCC 4.6. Older GCC versions, and non-GNU compilers, can
still be used to compile programs using the GNU C Library.
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 0a77c8b..08cf0a6 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
case BYNAME:
{
- char **ap = result->n_aliases++;
- while (*ap != NULL)
+ char **ap;
+ for (ap = result->n_aliases; *ap != NULL; ++ap)
{
/* Check each alias name for being of the forms:
4.3.2.1.in-addr.arpa = net 1.2.3.4
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
NEWS | 7 +++++--
resolv/nss_dns/dns-network.c | 4 ++--
3 files changed, 13 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources