[5811] in bugtraq
Re: Buffer Overruns in RedHat 5.0
daemon@ATHENA.MIT.EDU (Andreas Jaeger)
Tue Dec 16 14:38:54 1997
Date: Tue, 16 Dec 1997 17:29:11 +0100
Reply-To: Andreas Jaeger <aj@ARTHUR.RHEIN-NECKAR.DE>
From: Andreas Jaeger <aj@ARTHUR.RHEIN-NECKAR.DE>
X-To: Wilton Wong - ListMail <listmail@NOVA.BLACKSTAR.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Wilton Wong - ListMail's message of "Sat, 13 Dec 1997 13:49:11
-0700"
The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
(RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
Wilton.
The patch will be in glibc 2.0.6 which should be released soonish
(we're pre-release testing at the moment). The patch has been for
some time already in the development version of glibc 2.1 but didn't
make it in the 2.0 track:-(. Sorry about that.
I'd advise everybody to upgrade to 2.0.6 when it's released since it
will fix other bugs as well.
Andreas
1997-05-23 15:26 Philip Blundell <pjb27@cam.ac.uk>
* resolv/res_query.c (res_querydomain): Avoid potential buffer
overrun. Reported by Dan A. Dickey <ddickey@transition.com>.
$ diff -u /dbase/glibc-2.0.6pre4/resolv/res_query.c /usr/glibc/src/libc/resolv/
--- /dbase/glibc-2.0.6pre4/resolv/res_query.c Mon Jan 6 23:05:43 1997
+++ /usr/glibc/src/libc/resolv/res_query.c Mon Dec 8 09:05:53 1997
@@ -321,7 +321,7 @@
u_char *answer; /* buffer to put answer */
int anslen; /* size of answer */
{
- char nbuf[MAXDNAME];
+ char nbuf[MAXDNAME * 2 + 2];
const char *longname = nbuf;
int n;
--
Andreas Jaeger aj@arthur.rhein-neckar.de jaeger@informatik.uni-kl.de
for pgp-key finger ajaeger@alma.student.uni-kl.de
http://www.student.uni-kl.de/~ajaeger/
