This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.23-250-ga12f943


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  a12f9431b3808e78b9ed397e4fce7de69410d94d (commit)
      from  c3bae689d30c46c56c695d5b4c61b88e3b178d92 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a12f9431b3808e78b9ed397e4fce7de69410d94d

commit a12f9431b3808e78b9ed397e4fce7de69410d94d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 27 17:15:57 2016 +0200

    nss_dns: Skip over non-PTR records in the netent code [BZ #19868]
    
    This requires additional checks for the RDATA length and the
    availability of record metadata.

diff --git a/ChangeLog b/ChangeLog
index 4c8d7bc..91061fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2016-03-25  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #19868]
+	* resolv/nss_dns/dns-network.c (getanswer_r): Implement additional
+	DNS packet syntax checks (which were not needed before).  Skip
+	over non-PTR records.
+
 2016-04-27  Florian Weimer  <fweimer@redhat.com>
 
 	* resolv/nss_dns/dns-network.c (offsetof): Remove macro
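Review bot: The new ChangeLog entry at the top of this hunk is dated 2016-03-25, yet it sits above the existing 2016-04-27 entry and the commit itself is dated 2016-04-27, so the file is no longer in newest-first order. Suggest dating the entry to match the commit. The parenthetical "(which were not needed before)" would also read better if it said why: the old code did not use the RDATA length to step past records it did not parse.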
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 99ec755..3ae25c7 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -343,10 +343,23 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
       if (n < 0 || res_dnok (bp) == 0)
 	break;
       cp += n;
+
+      if (end_of_message - cp < 10)
+	{
+	  __set_h_errno (NO_RECOVERY);
+	  return NSS_STATUS_UNAVAIL;
+	}
+
       GETSHORT (type, cp);
       GETSHORT (class, cp);
       cp += INT32SZ;		/* TTL */
-      GETSHORT (n, cp);
+      uint16_t rdatalen;
+      GETSHORT (rdatalen, cp);
+      if (end_of_message - cp < rdatalen)
+	{
+	  __set_h_errno (NO_RECOVERY);
+	  return NSS_STATUS_UNAVAIL;
+	}
 
       if (class == C_IN && type == T_PTR)
 	{
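Review bot: The bound in `if (end_of_message - cp < 10)` is a bare magic number; it is the size of the fixed record metadata read just below (type 2 + class 2 + TTL 4 + RDATA length 2), and nothing in the hunk says so. Suggest building it from the size macros already used here (INT32SZ is on the next lines) or at least adding a comment naming the four fields, so the check stays correct if the reads below it change. A minor style point in the same hunk: `uint16_t rdatalen;` is declared mid-block after statements, which stands out if the rest of the function declares its locals at the top.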
@@ -368,7 +381,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
 	      cp += n;
 	      return NSS_STATUS_UNAVAIL;
 	    }
-	  cp += n;
+	  cp += rdatalen;
          if (alias_pointer + 2 < &net_data->aliases[MAX_NR_ALIASES])
            {
              *alias_pointer++ = bp;
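Review bot: At `cp += rdatalen;` the cursor now advances by the length field from the record header, but no visible line compares `rdatalen` with `n`, the value that was added here before. If `n` is the number of bytes the PTR name actually occupied, a record whose RDATA length disagrees with it is accepted silently and the next record is parsed from a different offset than the old code would have used. Suggest rejecting the record when `n != rdatalen`, or adding a comment that trailing RDATA bytes are intentionally ignored.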
@@ -379,6 +392,9 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
              ++have_answer;
            }
 	}
+      else
+	/* Skip over unknown record data.  */
+	cp += rdatalen;
     }
 
   if (have_answer)
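Review bot: The comment in the new `else` branch says "Skip over unknown record data", but the branch is taken for every record that fails `class == C_IN && type == T_PTR`, including well-known types, so "unknown" is misleading. Suggest wording that matches the commit subject, for example "Skip over non-PTR record data." Since the `if` arm is braced and this arm carries a comment line between `else` and its statement, bracing the `else` body as well would make the pairing easier to read.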

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                    |    7 +++++++
 resolv/nss_dns/dns-network.c |   20 ++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

