Bugtraq mailing list archives

Re: Buffer Overruns in RedHat 5.0


From: aj () ARTHUR RHEIN-NECKAR DE (Andreas Jaeger)
Date: Tue, 16 Dec 1997 17:29:11 +0100


The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
(RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
Wilton.

The patch will be in glibc 2.0.6 which should be released soonish
(we're pre-release testing at the moment).  The patch has been for
some time already in the development version of glibc 2.1 but didn't
make it in the 2.0 track:-(. Sorry about that.

I'd advise everybody to upgrade to 2.0.6 when it's released since it
will fix other bugs as well.

Andreas

1997-05-23 15:26  Philip Blundell  <pjb27 () cam ac uk>

        * resolv/res_query.c (res_querydomain): Avoid potential buffer
        overrun.  Reported by Dan A. Dickey <ddickey () transition com>.

$ diff -u /dbase/glibc-2.0.6pre4/resolv/res_query.c /usr/glibc/src/libc/resolv/
--- /dbase/glibc-2.0.6pre4/resolv/res_query.c   Mon Jan  6 23:05:43 1997
+++ /usr/glibc/src/libc/resolv/res_query.c      Mon Dec  8 09:05:53 1997
@@ -321,7 +321,7 @@
        u_char *answer;         /* buffer to put answer */
        int anslen;             /* size of answer */
 {
-       char nbuf[MAXDNAME];
+       char nbuf[MAXDNAME * 2 + 2];
        const char *longname = nbuf;
        int n;

--
 Andreas Jaeger   aj () arthur rhein-neckar de    jaeger () informatik uni-kl de
  for pgp-key finger ajaeger () alma student uni-kl de
    http://www.student.uni-kl.de/~ajaeger/



Current thread: