From a48e32ee701ff0247601464e5b3d4b6b496eb423 Mon Sep 17 00:00:00 2001 From: Stan Shebs Date: Mon, 9 May 2016 10:29:27 -0700 Subject: [PATCH] Fix stack overflow in _nss_dns_getnetbyname_r (BZ19879) --- README.google | 5 +++++ resolv/nss_dns/dns-network.c | 5 +---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.google b/README.google index 85b310ab95..57adcb4ab4 100644 --- a/README.google +++ b/README.google @@ -570,3 +570,8 @@ sysdeps/powerpc/bits/fenvinline.h nptl/sysdeps/unix/sysv/linux/register-atfork.c For b/28011264, detect and work around loop in fork handler list. (stanshebs, google-local) + +resolv/nss_dns/dns-network.c + For b/27917753, fix stack overflow in _nss_dns_getnetbyname_r (BZ19879) + https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4 + (stanshebs, google-local) diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c index 1993ec1676..539bb66b24 100644 --- a/resolv/nss_dns/dns-network.c +++ b/resolv/nss_dns/dns-network.c @@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, } net_buffer; querybuf *orig_net_buffer; int anslen; - char *qbuf; enum nss_status status; if (__res_maybe_init (&_res, 0) == -1) return NSS_STATUS_UNAVAIL; - qbuf = strdupa (name); - net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024); - anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf, + anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL); if (anslen < 0) {