mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-21 20:40:05 +00:00
CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]
This commit is contained in:
parent
7bf8fb1042
commit
2959eda927
@ -1,3 +1,9 @@
|
||||
2015-04-21 Arjun Shankar <arjun.is@lostca.se>
|
||||
|
||||
[BZ #18287]
|
||||
* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
|
||||
based on padding. (CVE-2015-1781)
|
||||
|
||||
2015-04-20 Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
|
||||
* nptl/pthread_cond_timedwait.c: Change include bits/libc-vdso.h to just
|
||||
|
9
NEWS
9
NEWS
@ -16,7 +16,14 @@ Version 2.22
|
||||
17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019, 18020, 18029,
|
||||
18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18068,
|
||||
18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, 18197,
|
||||
18206, 18210, 18211, 18247.
|
||||
18206, 18210, 18211, 18247, 18287.
|
||||
|
||||
* A buffer overflow in gethostbyname_r and related functions performing DNS
|
||||
requests has been fixed. If the NSS functions were called with a
|
||||
misaligned buffer, the buffer length change due to pointer alignment was
|
||||
not taken into account. This could result in application crashes or,
|
||||
potentially arbitrary code execution, using crafted, but syntactically
|
||||
valid DNS responses. (CVE-2015-1781)
|
||||
|
||||
* A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
|
||||
for LD and GD on x86 and x86-64, has been implemented. You will need
|
||||
|
@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
|
||||
int have_to_map = 0;
|
||||
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
|
||||
buffer += pad;
|
||||
if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
|
||||
buflen = buflen > pad ? buflen - pad : 0;
|
||||
if (__glibc_unlikely (buflen < sizeof (struct host_data)))
|
||||
{
|
||||
/* The buffer is too small. */
|
||||
too_small:
|
||||
|
Loading…
Reference in New Issue
Block a user