GNU glibc Information for VU#738331
| Date Notified | 08/15/2002 |
| Date Modified | 04/15/2003 03:39:26 PM |
| Status Summary | Vulnerable |
Vendor Statement

Version 2.2.5 of the GNU C Library is vulnerable. The following patch has been installed into the CVS sources, and should appear in the next version.
2002-09-04 Roland McGrath <roland@redhat.com>
* resolv/nss_dns/dns-network.c (MAXPACKET): Increase minimum value
from 1024 to 65536, to avoid buffer overrun.
2002-08-24 Ulrich Drepper <drepper@redhat.com>
* resolv/nss_dns/dns-host.c (MAXPACKET): Likewise.
2002-08-16 Paul Eggert <eggert@twinsun.com>
* resolv/gethnamaddr.c (MAXPACKET): Likewise.
* resolv/res_query.c (MAXPACKET): Likewise.
===================================================================
RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-network.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- libc/resolv/nss_dns/dns-network.c 2002/08/26 06:20:05 1.12
+++ libc/resolv/nss_dns/dns-network.c 2002/09/05 01:23:06 1.13
@@ -70,10 +70,10 @@
#define MAX_NR_ALIASES 48
-#if PACKETSZ > 1024
-#define MAXPACKET PACKETSZ
+#if PACKETSZ > 65536
+# define MAXPACKET PACKETSZ
#else
-#define MAXPACKET 1024
+# define MAXPACKET 65536
#endif
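Review bot: The `#define` to `# define` reindentation on the MAXPACKET lines is mixed into the security fix, so every line of the block shows as changed and the one functional edit (1024 to 65536) is harder to pick out when auditing. gethnamaddr.c and res_query.c keep the unindented `#define` form in the same patch set, so I would either drop the whitespace change here or apply it to all four files in a separate commit.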
===================================================================
RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-host.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- libc/resolv/nss_dns/dns-host.c 2002/08/03 03:42:06 1.32
+++ libc/resolv/nss_dns/dns-host.c 2002/08/24 22:29:11 1.33
@@ -92,10 +92,10 @@
#define MAX_NR_ALIASES 48
#define MAX_NR_ADDRS 48
-#if PACKETSZ > 1024
+#if PACKETSZ > 65536
# define MAXPACKET PACKETSZ
#else
-# define MAXPACKET 1024
+# define MAXPACKET 65536
#endif
/* As per RFC 1034 and 1035 a host name cannot exceed 255 octets in length. */
#ifdef MAXHOSTNAMELEN
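Review bot: Only the MAXPACKET constant changes at the `#if PACKETSZ > 65536` block, and no length check is visible in this hunk, so the fix depends on no answer ever exceeding the new size. Please confirm that the code which fills buffers sized by MAXPACKET passes the buffer size to the resolver call and treats a reported length larger than the buffer as an error, so that safety does not rest on the constant alone.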
===================================================================
RCS file: /cvs/glibc/libc/resolv/gethnamaddr.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- libc/resolv/gethnamaddr.c 2002/08/03 03:40:54 1.39
+++ libc/resolv/gethnamaddr.c 2002/08/24 22:29:11 1.40
@@ -115,10 +115,10 @@
extern void addrsort __P((char **, int));
#endif
-#if PACKETSZ > 1024
+#if PACKETSZ > 65536
#define MAXPACKET PACKETSZ
#else
-#define MAXPACKET 1024
+#define MAXPACKET 65536
#endif
/* As per RFC 1034 and 1035 a host name cannot exceed 255 octets in length. */
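Review bot: The new `#define MAXPACKET 65536` is a bare literal with no comment saying which limit it is derived from, while the host name limit immediately below is documented with its RFC reference. A one-line comment above the `#if PACKETSZ > 65536` block stating why 65536 is the minimum safe value would stop a later cleanup from lowering it again.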
===================================================================
RCS file: /cvs/glibc/libc/resolv/res_query.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- libc/resolv/res_query.c 2001/01/08 17:55:24 1.16
+++ libc/resolv/res_query.c 2002/08/24 22:29:11 1.17
@@ -85,10 +85,10 @@
/* Options. Leave them on. */
/* #undef DEBUG */
-#if PACKETSZ > 1024
+#if PACKETSZ > 65536
#define MAXPACKET PACKETSZ
#else
-#define MAXPACKET 1024
+#define MAXPACKET 65536
#endif
/*
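Review bot: This `#if PACKETSZ > 65536` block is now the fourth identical copy of the MAXPACKET definition touched by this patch set, and the dates show the copies were not fixed together (dns-network.c on 2002/09/05, the other three on 2002/08/24). Consider moving the definition into one shared resolver header so that a future change to the minimum cannot miss a file.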
US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.