vapier 15/07/21 03:47:43
Added:
00_all_0017-CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
Log:
fix from upstream for CVE-2015-1781 #547296
Revision Changes Path
1.1
src/patchsets/glibc/2.21/00_all_0017-CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.21/00_all_0017-CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.21/00_all_0017-CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch?rev=1.1&content-type=text/plain
Index: 00_all_0017-CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
===================================================================
>From 10c6d2e3243cefdd22933d3706f53d9f913c6cab Mon Sep 17 00:00:00 2001
From: Arjun Shankar <[email protected]>
Date: Tue, 21 Apr 2015 14:06:31 +0200
Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
[BZ#18287]
(cherry picked from commit 2959eda9272a033863c271aff62095abd01bd4e3)
(cherry picked from commit 01b07c70ad77ef28b6a3661ed3142ebff35b6e69)
---
resolv/nss_dns/dns-host.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index f715ab0..40069a7 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char
*qname, int qtype,
int have_to_map = 0;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
buffer += pad;
- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
+ buflen = buflen > pad ? buflen - pad : 0;
+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
{
/* The buffer is too small. */
too_small:
--
2.4.4
