From 146b58d11fddbef15b888906e3be4f33900c416f Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Tue, 29 Mar 2016 12:57:56 +0200 Subject: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879] The defensive copy is not needed because the name may not alias the output buffer. (cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4) (cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f) --- ChangeLog | 7 +++++++ NEWS | 10 ++++++++-- resolv/nss_dns/dns-network.c | 5 +---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c index 2eb2f67..8f301a7 100644 --- a/resolv/nss_dns/dns-network.c +++ b/resolv/nss_dns/dns-network.c @@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, } net_buffer; querybuf *orig_net_buffer; int anslen; - char *qbuf; enum nss_status status; if (__res_maybe_init (&_res, 0) == -1) return NSS_STATUS_UNAVAIL; - qbuf = strdupa (name); - net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024); - anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf, + anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL); if (anslen < 0) { -- 2.9.3 /guix/diff/po/packages/POTFILES.in?id=580d77d0fb12448ef1621699cc0c56e787e2aadb'>diff
path: root/po/packages/POTFILES.in
AgeCommit message (Expand)Author
2023-02-03gnu: Remove key-mon.scm....The file is empty. * gnu/packages/key-mon.scm: Remove file. * gnu/local.mk (GNU_SYSTEM_MODULES): Remove it. * po/packages/POTFILES.in: Remove it. Julien Lepiller
2022-11-20scripts: Use translations for guix.pot for service descriptions....Previously, service descriptions appeared in both guix.pot and packages.pot, but only translations of packages.pot were used. Now, translations are only done with guix.pot. This is better, because translators are more likely to translate guix.pot, and is also easier, because files in gnu/{home/,}services need to be in po/guix/POTFILES.in anyway and po/guix/Makevars already acts on the 'description' keyword because of lint checkers. * guix/scripts/home.scm (service-type-description-string): Use translations from guix.pot. * guix/scripts/system/search.scm (service-type-description-string) (service-type->recutils): Likewise. * po/packages/POTFILES.in: Move files in gnu/services to ... * po/guix/POTFILES.in: ... here. pelzflorian (Florian Pelz)