diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc/CVE-2016-3075.patch')
-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2016-3075.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-3075.patch b/meta/recipes-core/glibc/glibc/CVE-2016-3075.patch new file mode 100644 index 0000000000..7b9dc4f5c3 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2016-3075.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | glibc-2.23: Fix CVE-2016-3075 | ||
2 | |||
3 | [No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3075 | ||
4 | |||
5 | resolv/nss_dns/dns-network.c: Stack overflow in _nss_dns_getnetbyname_r | ||
6 | |||
7 | The defensive copy is not needed because the name may not alias the | ||
8 | output buffer. | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | CVE: CVE-2016-3075 | ||
12 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
13 | Signed-off-by: Pascal Bach <pascal.bach@siemens.com> | ||
14 | |||
15 | diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c | ||
16 | index 2eb2f67..8f301a7 100644 | ||
17 | --- a/resolv/nss_dns/dns-network.c | ||
18 | +++ b/resolv/nss_dns/dns-network.c | ||
19 | @@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, | ||
20 | } net_buffer; | ||
21 | querybuf *orig_net_buffer; | ||
22 | int anslen; | ||
23 | - char *qbuf; | ||
24 | enum nss_status status; | ||
25 | |||
26 | if (__res_maybe_init (&_res, 0) == -1) | ||
27 | return NSS_STATUS_UNAVAIL; | ||
28 | |||
29 | - qbuf = strdupa (name); | ||
30 | - | ||
31 | net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024); | ||
32 | |||
33 | - anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf, | ||
34 | + anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, | ||
35 | 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL); | ||
36 | if (anslen < 0) | ||
37 | { | ||