Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 138731 Details for
Bug 202571
net-dns/mydns CVE-2007-2362 Remote Buffer Overflow Vulnerability
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch that fixes the vuln
05-fix-update-gobble-dns.patch (text/plain), 1.21 KB, created by
Pedro Fragoso
on 2007-12-17 13:42:28 UTC
(
hide
)
Description:
patch that fixes the vuln
Filename:
MIME Type:
Creator:
Pedro Fragoso
Created:
2007-12-17 13:42:28 UTC
Size:
1.21 KB
patch
obsolete
>--- src/mydns/update.c 2005-12-18 20:16:41.000000000 +0100 >+++ src/mydns/update.c 2007-04-28 11:14:15.000000000 +0200 >@@ -228,6 +228,9 @@ > DNS_GET16(rr->class, src); > DNS_GET32(rr->ttl, src); > DNS_GET16(rr->rdlength, src); >+ if(rr->rdlength > sizeof rr->rdata) >+ rr->rdlength = sizeof rr->rdata; >+ > memcpy(rr->rdata, src, rr->rdlength); > src += rr->rdlength; > >@@ -328,19 +331,16 @@ > { > int n, x; /* Offset in 'data' */ > >- for (n = 0; src < end && n < datalen; ) >+ for (n = 0; src < end && n < datalen - 1; ) > { > int len = *src++; > > if (n) > data[n++] = ' '; >- for (x = 0; x < len && src < end && n < datalen; x++) >+ for (x = 0; x < len && src < end && n < datalen - 1; x++) > data[n++] = *src++; > if (one_word_only) >- { >- data[n] = '\0'; >- return (src); >- } >+ break; > } > data[n] = '\0'; > return (src); > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=138731">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202571
:
138730
| 138731
