[Bug network/19831] nss_dns: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size

["cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=19831

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5e0c421cc07e2d06945b863ed3bb92395472705d (commit)
      from  b9b026c9c00db1a1b5b4a3caa28162655a04a882 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e0c421cc07e2d06945b863ed3bb92395472705d

commit 5e0c421cc07e2d06945b863ed3bb92395472705d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 27 16:39:12 2016 +0200

    nss_dns: Check address length before creating addrinfo result [BZ #19831]

    Previously, we allocated room in the result space before the check,
    leaving uninitialized data there in case the check failed.

    This also consolidates the behavior between single (A or AAAA) and
    dual (A and AAAA in parallel) queries.  Single queries checked
    the record length against the QTYPE, not the RRTYPE.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                 |    8 ++++++
 resolv/nss_dns/dns-host.c |   59 +++++++++++++++++++++++++++++---------------
 2 files changed, 47 insertions(+), 20 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.