The patch will be in glibc 2.0.6 which should be released soonish
(we're pre-release testing at the moment). The patch has been for
some time already in the development version of glibc 2.1 but didn't
make it in the 2.0 track:-(. Sorry about that.
I'd advise everybody to upgrade to 2.0.6 when it's released since it
will fix other bugs as well.
1997-05-23 15:26 Philip Blundell <email@example.com>
* resolv/res_query.c (res_querydomain): Avoid potential buffer
overrun. Reported by Dan A. Dickey <firstname.lastname@example.org>.
$ diff -u /dbase/glibc-2.0.6pre4/resolv/res_query.c /usr/glibc/src/libc/resolv/
--- /dbase/glibc-2.0.6pre4/resolv/res_query.c Mon Jan 6 23:05:43 1997
+++ /usr/glibc/src/libc/resolv/res_query.c Mon Dec 8 09:05:53 1997
@@ -321,7 +321,7 @@
u_char *answer; /* buffer to put answer */
int anslen; /* size of answer */
- char nbuf[MAXDNAME];
+ char nbuf[MAXDNAME * 2 + 2];
const char *longname = nbuf;
-- Andreas Jaeger email@example.com firstname.lastname@example.org for pgp-key finger email@example.com http://www.student.uni-kl.de/~ajaeger/