summaryrefslogtreecommitdiff
path: root/package/glibc/2.18-svnr23787/0004-CVE-2014-9402.patch
blob: c7aa12c1b96ffe06039d135e98946310d8869dcb (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Fix CVE-2014-9402 - denial of service in getnetbyname function.
Backport from https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11e3417af6e354f1942c68a271ae51e892b2814d
See https://bugzilla.redhat.com/show_bug.cgi?id=1175369

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

diff -Nura eglibc-2.19.orig/libc/resolv/nss_dns/dns-network.c eglibc-2.19/libc/resolv/nss_dns/dns-network.c
--- eglibc-2.19.orig/libc/resolv/nss_dns/dns-network.c	2015-01-08 16:12:35.024977879 -0300
+++ eglibc-2.19/libc/resolv/nss_dns/dns-network.c	2015-01-08 16:12:42.543992357 -0300
@@ -398,8 +398,8 @@
 
 	case BYNAME:
 	  {
-	    char **ap = result->n_aliases++;
-	    while (*ap != NULL)
+	    char **ap;
+	    for (ap = result->n_aliases; *ap != NULL; ++ap)
 	      {
 		/* Check each alias name for being of the forms:
 		   4.3.2.1.in-addr.arpa		= net 1.2.3.4
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 22:01:36 +0000