Sophie

Sophie

distrib > Mageia > 5 > i586 > media > core-updates-src > by-pkgid > 11f97bbd2adce813d2e3f0d63eb2159f > files > 14

glibc-2.20-22.mga5.src.rpm

From f80af76648ed97a76745fad6caa3315a79cb1c7c Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 15 Dec 2014 17:41:13 +0100
Subject: [PATCH 14/18] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

(cherry picked from commit 11e3417af6e354f1942c68a271ae51e892b2814d)
(cherry picked from commit e54db0ea6a49affac43fa305fd134f3020c41382)

Conflicts:
	NEWS
---
 ChangeLog                    | 6 ++++++
 NEWS                         | 8 ++++++--
 resolv/nss_dns/dns-network.c | 4 ++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 88d2f1e..e416cd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #17630]
+	* resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+	names.
+
 2014-12-15  Jeff Law  <law@redhat.com>
 
 	[BZ #16617]
diff --git a/NEWS b/NEWS
index f6cdb66..9bc835c 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.20.1
 
 * The following bugs are resolved with this release:
 
-  16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625.
+  16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625, 17630.
 
 * CVE-2014-7817 The wordexp function could ignore the WRDE_NOCMD flag
   under certain input conditions resulting in the execution of a shell for
@@ -18,7 +18,11 @@ Version 2.20.1
   shell and returns the error WRDE_CMDSUB as expected.
 
 * CVE-2012-3406 printf-style functions could run into a stack overflow when
-  processing format strings with a large number of format specifiers.a
+  processing format strings with a large number of format specifiers.
+
+* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
+  infinite loopif the DNS response contained a PTR record of an unexpected
+  format.
 
 Version 2.20
 
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 0a77c8b..08cf0a6 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
 
 	case BYNAME:
 	  {
-	    char **ap = result->n_aliases++;
-	    while (*ap != NULL)
+	    char **ap;
+	    for (ap = result->n_aliases; *ap != NULL; ++ap)
 	      {
 		/* Check each alias name for being of the forms:
 		   4.3.2.1.in-addr.arpa		= net 1.2.3.4
-- 
2.3.0

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional