| From bb01edff0377f2585ce304ecbadcb7b6cde372ac Mon Sep 17 00:00:00 2001 |
| From: Waldemar Brodkorb <wbx@openadk.org> |
| Date: Mon, 25 Jan 2016 21:11:34 +0100 |
| Subject: [PATCH] Make sure to always terminate decoded string |
| |
| Write a terminating '\0' to dest when the first byte of the encoded data |
| is 0. This corner case was previously missed. |
| |
| Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se> |
| Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org> |
| |
| Upstream-Status: Backport |
| http://repo.or.cz/uclibc-ng.git/commit/bb01edff0377f2585ce304ecbadcb7b6cde372ac |
| CVE: CVE-2016-2225 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| libc/inet/resolv.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| Index: git/libc/inet/resolv.c |
| =================================================================== |
| --- git.orig/libc/inet/resolv.c |
| +++ git/libc/inet/resolv.c |
| @@ -671,6 +671,7 @@ int __decode_dotted(const unsigned char |
| if (!packet) |
| return -1; |
| |
| + dest[0] = '\0'; |
| while (--maxiter) { |
| if (offset >= packet_len) |
| return -1; |