projects / external / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 137028b)
Handle overly large answer buffers in resolver.
authorUlrich Drepper <drepper@redhat.com>
Fri, 17 Jul 2009 06:37:50 +0000 (23:37 -0700)
committerUlrich Drepper <drepper@redhat.com>
Fri, 17 Jul 2009 06:37:50 +0000 (23:37 -0700)
In EDNS0 records the maximum result size is transmitted in a 16
bit value.  Large buffer sizes were handled incorrectly by using
only the low 16 bits.  Fix this by limiting the size to 0xffff.

ChangeLog patch | blob | history
resolv/res_mkquery.c patch | blob | history

diff --git a/ChangeLog b/ChangeLog
index 37f20a4..7dab061 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-07-16  Ulrich Drepper  <drepper@redhat.com>
+
+       [BZ #10360]
+       * resolv/res-mkquery.c (__res_nopt): If anslen is > 0xffff store
+       0xffff in the EDNS0 record.
+
 2009-07-16  Petr Baudis  <pasky@suse.cz>
 
        * nscd/mem.c (mempool_alloc): Fix unlock missing in the else branch.
diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index ae0cdb4..2dda4c0 100644 (file)
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -244,7 +244,7 @@ __res_nopt(res_state statp,
        *cp++ = 0;      /* "." */
 
        NS_PUT16(T_OPT, cp);    /* TYPE */
-       NS_PUT16(anslen & 0xffff, cp);  /* CLASS = UDP payload size */
+       NS_PUT16(MIN(anslen, 0xffff), cp);      /* CLASS = UDP payload size */
        *cp++ = NOERROR;        /* extended RCODE */
        *cp++ = 0;              /* EDNS version */
        /* XXX Once we support DNSSEC we change the flag value here.  */
Domain: System / Toolchain;