This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.23-132-g317b199
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 29 Mar 2016 14:06:24 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.23-132-g317b199
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 317b199b4aff8cfa27f2302ab404d2bb5032b9a4 (commit)
from a6033052d08027f745867e5e346852da1959226c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4
commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Mar 29 12:57:56 2016 +0200
CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
The defensive copy is not needed because the name may not alias the
output buffer.
diff --git a/ChangeLog b/ChangeLog
index ce6f8a2..b620bbf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2016-03-29 Florian Weimer <fweimer@redhat.com>
+ [BZ #19879]
+ CVE-2016-3075
+ * resolv/nss_dns/dns-network.c (_nss_dns_getnetbyname_r): Do not
+ copy name.
+
+2016-03-29 Florian Weimer <fweimer@redhat.com>
+
[BZ #19837]
* nss/nss_db/db-XXX.c (_nss_db_getENTNAME_r): Propagate ERANGE
error if parse_line fails.
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 2eb2f67..8f301a7 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result,
} net_buffer;
querybuf *orig_net_buffer;
int anslen;
- char *qbuf;
enum nss_status status;
if (__res_maybe_init (&_res, 0) == -1)
return NSS_STATUS_UNAVAIL;
- qbuf = strdupa (name);
-
net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
- anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
+ anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf,
1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
if (anslen < 0)
{
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 7 +++++++
resolv/nss_dns/dns-network.c | 5 +----
2 files changed, 8 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources