The patch will be in glibc 2.0.6 which should be released soonish
(we're pre-release testing at the moment). The patch has been for
some time already in the development version of glibc 2.1 but didn't
make it in the 2.0 track:-(. Sorry about that.
I'd advise everybody to upgrade to 2.0.6 when it's released since it
will fix other bugs as well.
Andreas
1997-05-23 15:26 Philip Blundell <pjb27@cam.ac.uk>
* resolv/res_query.c (res_querydomain): Avoid potential buffer
overrun. Reported by Dan A. Dickey <ddickey@transition.com>.
$ diff -u /dbase/glibc-2.0.6pre4/resolv/res_query.c /usr/glibc/src/libc/resolv/
--- /dbase/glibc-2.0.6pre4/resolv/res_query.c Mon Jan 6 23:05:43 1997
+++ /usr/glibc/src/libc/resolv/res_query.c Mon Dec 8 09:05:53 1997
@@ -321,7 +321,7 @@
u_char *answer; /* buffer to put answer */
int anslen; /* size of answer */
{
- char nbuf[MAXDNAME];
+ char nbuf[MAXDNAME * 2 + 2];
const char *longname = nbuf;
int n;
--
Andreas Jaeger aj@arthur.rhein-neckar.de jaeger@informatik.uni-kl.de
for pgp-key finger ajaeger@alma.student.uni-kl.de
http://www.student.uni-kl.de/~ajaeger/