CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]

The defensive copy is not needed because the name may not alias the output buffer.
author: Florian Weimer <fweimer@redhat.com> 2016-03-29 12:57:56 +0200
committer: Florian Weimer <fweimer@redhat.com> 2016-03-29 12:57:56 +0200
commit: 317b199b4aff8cfa27f2302ab404d2bb5032b9a4 (patch)
tree: 2a1de65b3b7bc6d897db54edc1e2abeeac01407d /ChangeLog
parent: a6033052d08027f745867e5e346852da1959226c (diff)
download: glibc-317b199b4aff8cfa27f2302ab404d2bb5032b9a4.tar.xz
glibc-317b199b4aff8cfa27f2302ab404d2bb5032b9a4.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ce6f8a2204..b620bbfcfa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2016-03-29  Florian Weimer  <fweimer@redhat.com>
 
+	[BZ #19879]
+	CVE-2016-3075
+	* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyname_r): Do not
+	copy name.
+
+2016-03-29  Florian Weimer  <fweimer@redhat.com>
+
 	[BZ #19837]
 	* nss/nss_db/db-XXX.c (_nss_db_getENTNAME_r): Propagate ERANGE
 	error if parse_line fails.
author	Florian Weimer <fweimer@redhat.com>	2016-03-29 12:57:56 +0200
committer	Florian Weimer <fweimer@redhat.com>	2016-03-29 12:57:56 +0200
commit	317b199b4aff8cfa27f2302ab404d2bb5032b9a4 (patch)
tree	2a1de65b3b7bc6d897db54edc1e2abeeac01407d /ChangeLog
parent	a6033052d08027f745867e5e346852da1959226c (diff)
download	glibc-317b199b4aff8cfa27f2302ab404d2bb5032b9a4.tar.xz glibc-317b199b4aff8cfa27f2302ab404d2bb5032b9a4.zip