Fix off-by-one in nscd getservbyport call

3 files changed, 8 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index b70b51a..a35541e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-11-11  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #16153]
+	* nscd/nscd_getserv_r.c (__nscd_getservbyport_r): Don't include
+	terminating NUL in key length.
+
 2013-11-08  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
 
 	* sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h (VDSO_IFUNC_RET):
diff --git a/NEWS b/NEWS
index 6a72724..e92f5fc 100644
--- a/NEWS
+++ b/NEWS
@@ -17,7 +17,7 @@ Version 2.19
   15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887,
   15890, 15892, 15893, 15895, 15897, 15905, 15909, 15917, 15919, 15921,
   15923, 15939, 15948, 15963, 15966, 15985, 15988, 16032, 16034, 16036,
-  16037, 16041, 16071, 16072, 16074, 16078, 16112.
+  16037, 16041, 16071, 16072, 16074, 16078, 16112, 16153.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache
diff --git a/nscd/nscd_getserv_r.c b/nscd/nscd_getserv_r.c
index c9c890c..7728258 100644
--- a/nscd/nscd_getserv_r.c
+++ b/nscd/nscd_getserv_r.c
@@ -54,7 +54,7 @@ __nscd_getservbyport_r (int port, const char *proto,
   portstr[sizeof (portstr) - 1] = '\0';
   char *cp = _itoa_word (port, portstr + sizeof (portstr) - 1, 10, 0);
 
-  return nscd_getserv_r (cp, portstr + sizeof (portstr) - cp, proto,
+  return nscd_getserv_r (cp, portstr + sizeof (portstr) - 1 - cp, proto,
 			 GETSERVBYPORT, result_buf, buf, buflen, result);
 }