Author: aurel32 Date: 2015-10-19 10:49:58 +0000 (Mon, 19 Oct 2015) New Revision: 6659
Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog glibc-package/branches/glibc-branch-wheezy/debian/patches/series Log: patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105. Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog =================================================================== --- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 10:29:42 UTC (rev 6658) +++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 10:49:58 UTC (rev 6659) @@ -1,3 +1,10 @@ +eglibc (2.13-38+deb7u9) UNRELEASED; urgency=medium + + * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix + a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105. + + -- Aurelien Jarno <[email protected]> Mon, 19 Oct 2015 12:40:42 +0200 + eglibc (2.13-38+deb7u8) wheezy-security; urgency=medium * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff =================================================================== --- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff (rev 0) +++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff 2015-10-19 10:49:58 UTC (rev 6659) @@ -0,0 +1,18 @@ +2015-04-21 Arjun Shankar <[email protected]> + + [BZ #18287] + * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length + based on padding. (CVE-2015-1781) + +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, + int have_to_map = 0; + uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); + buffer += pad; +- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0)) ++ buflen = buflen > pad ? buflen - pad : 0; ++ if (__builtin_expect (buflen < sizeof (struct host_data), 0)) + { + /* The buffer is too small. */ + too_small: Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series =================================================================== --- glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-10-19 10:29:42 UTC (rev 6658) +++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-10-19 10:49:58 UTC (rev 6659) @@ -403,3 +403,4 @@ any/cvs-posix_spawn_file_actions_addopen.diff any/cvs-getnetbyname.diff any/cvs-getaddrinfo-idn.diff +any/cvs-CVE-2015-1781.diff
