Fix off-by-one in nscd getservbyport call

3 files changed, 8 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index b70b51adb4..a35541e0e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-11-11  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #16153]
+	* nscd/nscd_getserv_r.c (__nscd_getservbyport_r): Don't include
+	terminating NUL in key length.
+
 2013-11-08  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
 
 	* sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h (VDSO_IFUNC_RET):
diff --git a/NEWS b/NEWS
index 6a727246ac..e92f5fc17b 100644
--- a/NEWS
+++ b/NEWS
@@ -17,7 +17,7 @@ Version 2.19
   15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887,
   15890, 15892, 15893, 15895, 15897, 15905, 15909, 15917, 15919, 15921,
   15923, 15939, 15948, 15963, 15966, 15985, 15988, 16032, 16034, 16036,
-  16037, 16041, 16071, 16072, 16074, 16078, 16112.
+  16037, 16041, 16071, 16072, 16074, 16078, 16112, 16153.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache
diff --git a/nscd/nscd_getserv_r.c b/nscd/nscd_getserv_r.c
index c9c890c63c..772825854d 100644
--- a/nscd/nscd_getserv_r.c
+++ b/nscd/nscd_getserv_r.c
@@ -54,7 +54,7 @@ __nscd_getservbyport_r (int port, const char *proto,
   portstr[sizeof (portstr) - 1] = '\0';
   char *cp = _itoa_word (port, portstr + sizeof (portstr) - 1, 10, 0);
 
-  return nscd_getserv_r (cp, portstr + sizeof (portstr) - cp, proto,
+  return nscd_getserv_r (cp, portstr + sizeof (portstr) - 1 - cp, proto,
 			 GETSERVBYPORT, result_buf, buf, buflen, result);
 }