Re: Buffer Overruns in RedHat 5.0

From: Andreas Jaeger (ajat_private-NECKAR.DE)
Date: Tue Dec 16 1997 - 08:29:11 PST


    The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
    (RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
    Wilton.
    
    The patch will be in glibc 2.0.6 which should be released soonish
    (we're pre-release testing at the moment).  The patch has been for
    some time already in the development version of glibc 2.1 but didn't
    make it in the 2.0 track:-(. Sorry about that.
    
    I'd advise everybody to upgrade to 2.0.6 when it's released since it
    will fix other bugs as well.
    
    Andreas
    
    1997-05-23 15:26  Philip Blundell  <pjb27at_private>
    
            * resolv/res_query.c (res_querydomain): Avoid potential buffer
            overrun.  Reported by Dan A. Dickey <ddickeyat_private>.
    
    $ diff -u /dbase/glibc-2.0.6pre4/resolv/res_query.c /usr/glibc/src/libc/resolv/
    --- /dbase/glibc-2.0.6pre4/resolv/res_query.c   Mon Jan  6 23:05:43 1997
    +++ /usr/glibc/src/libc/resolv/res_query.c      Mon Dec  8 09:05:53 1997
    @@ -321,7 +321,7 @@
            u_char *answer;         /* buffer to put answer */
            int anslen;             /* size of answer */
     {
    -       char nbuf[MAXDNAME];
    +       char nbuf[MAXDNAME * 2 + 2];
            const char *longname = nbuf;
            int n;
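
Review bot: the enlarged declaration `char nbuf[MAXDNAME * 2 + 2];` addresses the overrun by sizing alone, and nothing in this hunk checks the length of what gets written into nbuf. The expression reads as two names of up to MAXDNAME bytes each plus a separator and a terminating NUL, but that is not stated anywhere in the visible lines; a comment next to the declaration giving the derivation would keep the bound from silently drifting if the code that fills nbuf changes. I would also prefer an explicit length check before the copy that fails the query when the combined name does not fit, so that the safety of res_querydomain does not rest on every write staying within that assumption. The change also roughly doubles this buffer's share of the stack frame, which is worth a mention in the ChangeLog entry.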
    
    --
     Andreas Jaeger   ajat_private-neckar.de    jaegerat_private-kl.de
      for pgp-key finger ajaegerat_private-kl.de
        http://www.student.uni-kl.de/~ajaeger/
    


