authorFlorian Weimer <fweimer@redhat.com>2016-05-02 16:04:32 +0200
committerFlorian Weimer <fweimer@redhat.com>2016-05-02 16:04:32 +0200
commit8a03ccbb77f52ec4b55062eeedddb8daec1a33e4 (patch)
tree2959b874623881825514fa37617982e9c249e1ac
parent5018f16c6205404ba3aa7298dc8a3d45fbd46bfc (diff)
hesiod: Avoid heap overflow in get_txt_records [BZ #20031]
-rw-r--r--ChangeLog6
-rw-r--r--hesiod/hesiod.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 1149fd30e2..d7044ea43d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2016-05-02 Florian Weimer <fweimer@redhat.com>
+ [BZ #20031]
+ * hesiod/hesiod.c (get_txt_records): Return error if TXT record is
+ completely empty.
+
+2016-05-02 Florian Weimer <fweimer@redhat.com>
+
[BZ #19573]
* hesiod/Makefile (libnss_hesiod-routines): Remove hesiod-init.
* hesiod/nss_hesiod/hesiod-init.c: Remove file.
diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c
index 6ecbad11cc..c2925a0f99 100644
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -398,7 +398,7 @@ get_txt_records(struct hesiod_p *ctx, int class, const char *name) {
cp += INT16SZ + INT32SZ; /* skip the ttl, too */
rr.dlen = ns_get16(cp);
cp += INT16SZ;
- if (cp + rr.dlen > eom) {
+ if (rr.dlen == 0 || cp + rr.dlen > eom) {
__set_errno(EMSGSIZE);
goto cleanup;
}
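Review bot: The bounds test on the changed line still computes `cp + rr.dlen` before comparing it with `eom`. When the length field taken from the response exceeds the space left in the buffer, that addition forms a pointer beyond one-past-the-end, which is undefined behavior and leaves the check open to being optimized in unexpected ways. Comparing lengths avoids this: `if (rr.dlen == 0 || rr.dlen > eom - cp) {` (this assumes `cp <= eom` at this point and that `rr.dlen` promotes to a signed type; neither is visible in the hunk). A short comment such as `/* Reject empty TXT data; the parsing below needs at least one byte. */` would also help, since the reason for refusing zero is only given in the ChangeLog and the code that consumes the record presumably sits below the hunk. get_txt_records starts and ends outside the hunk.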