aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--NEWS8
-rw-r--r--resolv/nss_dns/dns-network.c4
3 files changed, 14 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 88d2f1e..e416cd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-16 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17630]
+ * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+ names.
+
2014-12-15 Jeff Law <law@redhat.com>
[BZ #16617]
diff --git a/NEWS b/NEWS
index f6cdb66..9bc835c 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.20.1
* The following bugs are resolved with this release:
- 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625.
+ 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625, 17630.
* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
under certain input conditions resulting in the execution of a shell for
@@ -18,7 +18,11 @@ Version 2.20.1
shell and returns the error WRDE_CMDSUB as expected.
* CVE-2012-3406 printf-style functions could run into a stack overflow when
- processing format strings with a large number of format specifiers.a
+ processing format strings with a large number of format specifiers.
+
+* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
+ infinite loopif the DNS response contained a PTR record of an unexpected
+ format.
Version 2.20
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 0a77c8b..08cf0a6 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
case BYNAME:
{
- char **ap = result->n_aliases++;
- while (*ap != NULL)
+ char **ap;
+ for (ap = result->n_aliases; *ap != NULL; ++ap)
{
/* Check each alias name for being of the forms:
4.3.2.1.in-addr.arpa = net 1.2.3.4