Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | 1 | From bb01edff0377f2585ce304ecbadcb7b6cde372ac Mon Sep 17 00:00:00 2001 |
| 2 | From: Waldemar Brodkorb <wbx@openadk.org> |
| 3 | Date: Mon, 25 Jan 2016 21:11:34 +0100 |
| 4 | Subject: [PATCH] Make sure to always terminate decoded string |
| 5 | |
| 6 | Write a terminating '\0' to dest when the first byte of the encoded data |
| 7 | is 0. This corner case was previously missed. |
| 8 | |
| 9 | Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se> |
| 10 | Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org> |
| 11 | |
| 12 | Upstream-Status: Backport |
| 13 | http://repo.or.cz/uclibc-ng.git/commit/bb01edff0377f2585ce304ecbadcb7b6cde372ac |
| 14 | CVE: CVE-2016-2225 |
| 15 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 16 | |
| 17 | --- |
| 18 | libc/inet/resolv.c | 1 + |
| 19 | 1 file changed, 1 insertion(+) |
| 20 | |
| 21 | Index: git/libc/inet/resolv.c |
| 22 | =================================================================== |
| 23 | --- git.orig/libc/inet/resolv.c |
| 24 | +++ git/libc/inet/resolv.c |
| 25 | @@ -671,6 +671,7 @@ int __decode_dotted(const unsigned char |
| 26 | if (!packet) |
| 27 | return -1; |
| 28 | |
| 29 | + dest[0] = '\0'; |
| 30 | while (--maxiter) { |
| 31 | if (offset >= packet_len) |
| 32 | return -1; |
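Review bot: The added `dest[0] = '\0';` store ahead of the `while (--maxiter)` loop is unconditional, and the only guard visible before it is `if (!packet)`. Nothing in this context shows that `dest` is non-NULL or that the destination buffer holds at least one byte, so please confirm both for every caller, or guard the store with a check on the destination size if the function receives one. With this line in place, the `return -1` path at `offset >= packet_len` now leaves an empty string in `dest`; callers must still check the return value rather than treat that empty string as a decoded name. A one-line comment above the store saying it covers the case where the first byte of the encoded data is 0, as the commit message describes, would keep a later cleanup from removing it as redundant.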