r6659 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Author: aurel32
Date: 2015-10-19 10:49:58 +0000 (Mon, 19 Oct 2015)
New Revision: 6659
Added:
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff
Modified:
glibc-package/branches/glibc-branch-wheezy/debian/changelog
glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 10:29:42 UTC (rev 6658)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 10:49:58 UTC (rev 6659)
@@ -1,3 +1,10 @@
+eglibc (2.13-38+deb7u9) UNRELEASED; urgency=medium
+
+ * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
+ a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
+
+ -- Aurelien Jarno <aurel32@debian.org> Mon, 19 Oct 2015 12:40:42 +0200
+
eglibc (2.13-38+deb7u8) wheezy-security; urgency=medium
* debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2015-1781.diff 2015-10-19 10:49:58 UTC (rev 6659)
@@ -0,0 +1,18 @@
+2015-04-21 Arjun Shankar <arjun.is@lostca.se>
+
+ [BZ #18287]
+ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
+ based on padding. (CVE-2015-1781)
+
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+ {
+ /* The buffer is too small. */
+ too_small:
Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-10-19 10:29:42 UTC (rev 6658)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-10-19 10:49:58 UTC (rev 6659)
@@ -403,3 +403,4 @@
any/cvs-posix_spawn_file_actions_addopen.diff
any/cvs-getnetbyname.diff
any/cvs-getaddrinfo-idn.diff
+any/cvs-CVE-2015-1781.diff
Reply to: