1
0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-29 11:41:21 +03:00

CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]

Also rename T_UNSPEC because an upcoming public header file
update will use that name.
This commit is contained in:
Florian Weimer
2016-12-31 20:22:09 +01:00
parent 3c589b1a8a
commit fc82b0a2df
8 changed files with 220 additions and 8 deletions

View File

@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp,
int n, use_malloc = 0;
u_int oflags = statp->_flags;
size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE;
u_char *buf = alloca (bufsize);
u_char *query1 = buf;
int nquery1 = -1;
@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp,
printf(";; res_query(%s, %d, %d)\n", name, class, type);
#endif
if (type == T_UNSPEC)
if (type == T_QUERY_A_AND_AAAA)
{
n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
query1, bufsize);
@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp,
if (__builtin_expect (n <= 0, 0) && !use_malloc) {
/* Retry just in case res_nmkquery failed because of too
short buffer. Shouldn't happen. */
bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET;
buf = malloc (bufsize);
if (buf != NULL) {
query1 = buf;