diff options
author | Jeff Law <law@redhat.com> | 2012-02-29 11:51:27 -0500 |
---|---|---|
committer | Carlos O'Donell <carlos@codesourcery.com> | 2012-02-29 11:51:27 -0500 |
commit | 8fdceb2efda8cf724cfc4444af86b5f135ad3172 (patch) | |
tree | 82fca394d283dbc256d979675977ee3418ddbed3 | |
parent | 1f393a11f65dcaa1952bdcaf0317a65a5f8aff9d (diff) | |
download | glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.tar glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.tar.gz glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.tar.bz2 glibc-8fdceb2efda8cf724cfc4444af86b5f135ad3172.zip |
[network] Avoid out ouf bounds read in __libc_res_nquerydomain
2012-02-28 Jeff Law <law@redhat.com>
* resolv/res_query.c (__libc_res_nquerydomain): Avoid
out of bounds read.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | resolv/res_query.c | 10 |
2 files changed, 12 insertions, 3 deletions
@@ -1,3 +1,8 @@ +2012-02-29 Jeff Law <law@redhat.com> + + * resolv/res_query.c (__libc_res_nquerydomain): Avoid + out of bounds read. + 2012-02-29 Marek Polacek <polacek@redhat.com> [BZ #13706] diff --git a/resolv/res_query.c b/resolv/res_query.c index 947c6513a2..abccd4a921 100644 --- a/resolv/res_query.c +++ b/resolv/res_query.c @@ -556,12 +556,16 @@ __libc_res_nquerydomain(res_state statp, * copy without '.' if present. */ n = strlen(name); - if (n >= MAXDNAME) { + + /* Decrement N prior to checking it against MAXDNAME + so that we detect a wrap to SIZE_MAX and return + a reasonable error. */ + n--; + if (n >= MAXDNAME - 1) { RES_SET_H_ERRNO(statp, NO_RECOVERY); return (-1); } - n--; - if (n >= 0 && name[n] == '.') { + if (name[n] == '.') { strncpy(nbuf, name, n); nbuf[n] = '\0'; } else |