From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001 From: Arjun Shankar Date: Tue, 21 Apr 2015 14:06:31 +0200 Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287] --- ChangeLog | 6 ++++++ NEWS | 9 ++++++++- resolv/nss_dns/dns-host.c | 3 ++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index b16b0dd..d8c5579 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, int have_to_map = 0; uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); buffer += pad; - if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad)) + buflen = buflen > pad ? buflen - pad : 0; + if (__glibc_unlikely (buflen < sizeof (struct host_data))) { /* The buffer is too small. */ too_small: