projects / platform / upstream / linaro-glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: abddae1)
CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]
authorArjun Shankar <arjun.is@lostca.se>
Tue, 21 Apr 2015 12:06:31 +0000 (14:06 +0200)
committerDongkyun, Son <dongkyun.s@samsung.com>
Sun, 22 May 2016 13:28:56 +0000 (22:28 +0900)
Change-Id: I4104608d09d17826cd863877e1f0cdaffaecfe7f
Signed-off-by: Hyung-Kyu (HQ) Choi <hk0110.choi@samsung.com>
resolv/nss_dns/dns-host.c patch | blob | history

diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index 755832e..1a04900 100644 (file)
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
   int have_to_map = 0;
   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
   buffer += pad;
-  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
+  buflen = buflen > pad ? buflen - pad : 0;
+  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
     {
       /* The buffer is too small.  */
     too_small:
Domain: System / Toolchain;