diff options
| author | Florian Weimer <fweimer@redhat.com> | 2023-09-13 14:10:56 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2023-09-13 14:10:56 +0200 |
| commit | bd77dd7e73e3530203be1c52c8a29d08270cb25d (patch) | |
| tree | b5d84f536d6c48f6ca85b61b42231fe01fc4384a /resolv/Makefile | |
| parent | c8fa383f4cec9cf1c0cc8ec97903c09af10286f4 (diff) | |
| download | glibc-bd77dd7e73e3530203be1c52c8a29d08270cb25d.tar.xz glibc-bd77dd7e73e3530203be1c52c8a29d08270cb25d.zip | |
CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
Without passing alt_dns_packet_buffer, __res_context_search can only
store 2048 bytes (what fits into dns_packet_buffer). However,
the function returns the total packet size, and the subsequent
DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
of the stack-allocated buffer.
Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa
stub resolver option") and bug 30842.
Diffstat (limited to 'resolv/Makefile')
| -rw-r--r-- | resolv/Makefile | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/resolv/Makefile b/resolv/Makefile index 054b1fa36c..2f99eb3862 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -102,6 +102,7 @@ tests += \ tst-resolv-invalid-cname \ tst-resolv-network \ tst-resolv-noaaaa \ + tst-resolv-noaaaa-vc \ tst-resolv-nondecimal \ tst-resolv-res_init-multi \ tst-resolv-search \ @@ -293,6 +294,7 @@ $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \ $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ $(shared-thread-library) $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library) +$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) |