1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch b/meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
new file mode 100644
index 0000000000..c02fa127cd
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
@@ -0,0 +1,43 @@
+From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
+From: Arjun Shankar <arjun.is@lostca.se>
+Date: Tue, 21 Apr 2015 14:06:31 +0200
+Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
+ [BZ#18287]
+Upstream-Status: Backport
+https://sourceware.org/bugzilla/show_bug.cgi?id=18287
+---
+ resolv/nss_dns/dns-host.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index b16b0ddf110907a0086b86612e544d3dc75182b8..d8c55791591750567f00e616e5d7b378dec934a0 100644
+--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
+@@ -608,21 +608,22 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int n, ancount, qdcount;
+   int haveanswer, had_error;
+   char *bp, **ap, **hap;
+   char tbuf[MAXDNAME];
+   const char *tname;
+   int (*name_ok) (const char *);
+   u_char packtmp[NS_MAXCDNAME];
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
+  buflen = buflen > pad ? buflen - pad : 0;
+  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+     {
+       /* The buffer is too small.  */
+     too_small:
+       *errnop = ERANGE;
+       *h_errnop = NETDB_INTERNAL;
+       return NSS_STATUS_TRYAGAIN;
+     }
+   host_data = (struct host_data *) buffer;
+   linebuflen = buflen - sizeof (struct host_data);
+   if (buflen - sizeof (struct host_data) != linebuflen)
+-- 
+2.2.2

diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch b/meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch new file mode 100644 index 0000000000..c02fa127cd --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
@@ -0,0 +1,43 @@
	1	From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
	2	From: Arjun Shankar <arjun.is@lostca.se>
	3	Date: Tue, 21 Apr 2015 14:06:31 +0200
	4	Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
	5	[BZ#18287]
	6
	7	Upstream-Status: Backport
	8	https://sourceware.org/bugzilla/show_bug.cgi?id=18287
	9	---
	10	resolv/nss_dns/dns-host.c \| 3 ++-
	11	1 file changed, 2 insertions(+), 1 deletion(-)
	12
	13	diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
	14	index b16b0ddf110907a0086b86612e544d3dc75182b8..d8c55791591750567f00e616e5d7b378dec934a0 100644
	15	--- a/resolv/nss_dns/dns-host.c
	16	+++ b/resolv/nss_dns/dns-host.c
	17	@@ -608,21 +608,22 @@ getanswer_r (const querybuf answer, int anslen, const char qname, int qtype,
	18	int n, ancount, qdcount;
	19	int haveanswer, had_error;
	20	char bp, ap, *hap;
	21	char tbuf[MAXDNAME];
	22	const char *tname;
	23	int (name_ok) (const char );
	24	u_char packtmp[NS_MAXCDNAME];
	25	int have_to_map = 0;
	26	uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
	27	buffer += pad;
	28	- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
	29	+ buflen = buflen > pad ? buflen - pad : 0;
	30	+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
	31	{
	32	/* The buffer is too small. */
	33	too_small:
	34	*errnop = ERANGE;
	35	*h_errnop = NETDB_INTERNAL;
	36	return NSS_STATUS_TRYAGAIN;
	37	}
	38	host_data = (struct host_data *) buffer;
	39	linebuflen = buflen - sizeof (struct host_data);
	40	if (buflen - sizeof (struct host_data) != linebuflen)
	41	--
	42	2.2.2
	43