Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNSResolver Libraries
In article <firstname.lastname@example.org>
>> Jeff> libc6 is indeed a big package and the Pine announcement seems
>> Jeff> rather general, if we are lucky, Debians libresolv.so wont need an
>> Jeff> update.
>> The Pine announcement only mentions the libc from BSD-based systems,
>> which is different from Linux's glibc, I believe.
No, it's problem on all resolver libraries originated from BIND, not
I got an information from a web bbs. It says that some parts of the
was already applied
, but not a part.
I attached the lack part of the patch with the mail. It is for
glibc-2.2.5, but it also need to apply potato's glibc.
email@example.com / firstname.lastname@example.org
--- glibc-2.2.5/resolv/nss_dns/dns-network.c.org 2001-07-06 13:55:39.000000000 +0900
+++ glibc-2.2.5/resolv/nss_dns/dns-network.c 2002-06-28 21:42:26.000000000 +0900
@@ -328,7 +328,9 @@
cp += n;
*alias_pointer++ = bp;
- bp += strlen (bp) + 1;
+ n = strlen(bp) + 1;
+ bp += n;
+ linebuflen -= n;
result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org