File nss-dns-buffer-overflow.patch of Package glibc.8004

2015-04-21  Arjun Shankar  <arjun.is@lostca.se>

	[BZ #18287]
	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
	based on padding.  (CVE-2015-1781)

Index: glibc-2.19/resolv/nss_dns/dns-host.c
===================================================================
--- glibc-2.19.orig/resolv/nss_dns/dns-host.c
+++ glibc-2.19/resolv/nss_dns/dns-host.c
@@ -618,7 +618,8 @@ getanswer_r (const querybuf *answer, int
   int have_to_map = 0;
   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
   buffer += pad;
-  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
+  buflen = buflen > pad ? buflen - pad : 0;
+  if (__builtin_expect (buflen < sizeof (struct host_data), 0))
     {
       /* The buffer is too small.  */
     too_small:
openSUSE Build Service is sponsored by