aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Law <law@redhat.com>2012-02-29 11:51:27 -0500
committerCarlos O'Donell <carlos@codesourcery.com>2012-02-29 11:51:27 -0500
commit8fdceb2efda8cf724cfc4444af86b5f135ad3172 (patch)
tree82fca394d283dbc256d979675977ee3418ddbed3
parent1f393a11f65dcaa1952bdcaf0317a65a5f8aff9d (diff)
downloadglibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.tar
glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.tar.gz
glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.tar.bz2
glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.zip
[network] Avoid out ouf bounds read in __libc_res_nquerydomain
2012-02-28 Jeff Law <law@redhat.com> * resolv/res_query.c (__libc_res_nquerydomain): Avoid out of bounds read.
-rw-r--r--ChangeLog5
-rw-r--r--resolv/res_query.c10
2 files changed, 12 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 069bbc3e0f..5501ffb4c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-02-29 Jeff Law <law@redhat.com>
+
+ * resolv/res_query.c (__libc_res_nquerydomain): Avoid
+ out of bounds read.
+
2012-02-29 Marek Polacek <polacek@redhat.com>
[BZ #13706]
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 947c6513a2..abccd4a921 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -556,12 +556,16 @@ __libc_res_nquerydomain(res_state statp,
* copy without '.' if present.
*/
n = strlen(name);
- if (n >= MAXDNAME) {
+
+ /* Decrement N prior to checking it against MAXDNAME
+ so that we detect a wrap to SIZE_MAX and return
+ a reasonable error. */
+ n--;
+ if (n >= MAXDNAME - 1) {
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return (-1);
}
- n--;
- if (n >= 0 && name[n] == '.') {
+ if (name[n] == '.') {
strncpy(nbuf, name, n);
nbuf[n] = '\0';
} else