[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: valunerability of glibc
From: |
Andreas Schwab |
Subject: |
Re: valunerability of glibc |
Date: |
Fri, 05 Jul 2002 13:42:08 +0200 |
User-agent: |
Gnus/5.090006 (Oort Gnus v0.06) Emacs/21.3.50 (ia64-suse-linux) |
Tomohiro 'Tomo-p' KATO <address@hidden> writes:
|> Dear Sir.
|>
|> Hello.
|>
|> I found some valunerabilities of glibc. Some pointers of buffer is
incremented
|> but length is not changed. It may cause buffer-overflow.
Thanks for your patches.
|> -- cut here ---- cut here ---- cut here ---- cut here ---- cut here ---- cut
here --
|> diff -urN glibc-2.2.4.orig/glibc-compat/nss_dns/dns-host.c glibc-2.2.4/glibc-
|> compat/nss_dns/dns-host.c
|> --- glibc-2.2.4.orig/glibc-compat/nss_dns/dns-host.c Thu Jan 11 02:00:56 2001
|> +++ glibc-2.2.4/glibc-compat/nss_dns/dns-host.c Fri Jul 5 04:23:14 2002
|> diff -urN glibc-2.2.4.orig/glibc-compat/nss_dns/dns-network.c
glibc-2.2.4/glibc-
|> compat/nss_dns/dns-network.c
|> --- glibc-2.2.4.orig/glibc-compat/nss_dns/dns-network.c Thu Jan 11
02:00:56 2001
|> +++ glibc-2.2.4/glibc-compat/nss_dns/dns-network.c Thu Jun 27 22:26:37 2002
These files are not part of glibc.
|> diff -urN glibc-2.2.4.orig/resolv/nss_dns/dns-network.c
glibc-2.2.4/resolv/nss_dns/dns-
|> network.c
|> --- glibc-2.2.4.orig/resolv/nss_dns/dns-network.c Tue Jul 10 03:57:48 2001
|> +++ glibc-2.2.4/resolv/nss_dns/dns-network.c Thu Jun 27 22:26:36 2002
|> @@ -328,7 +328,9 @@
|> }
|> cp += n;
|> *alias_pointer++ = bp;
|> - bp += strlen (bp) + 1;
|> + n = strlen(bp) + 1;
|> + bp += n;
|> + linebuflen -= n;
|> result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
|> ++have_answer;
|> }
This patch has already been checked into CVS, it will be included in the
next glibc release.
Andreas.
--
Andreas Schwab, SuSE Labs, address@hidden
SuSE Linux AG, Deutschherrnstr. 15-19, D-90429 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."