Fix CVE-2014-9402 - denial of service in getnetbyname function. Backport from https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11e3417af6e354f1942c68a271ae51e892b2814d See https://bugzilla.redhat.com/show_bug.cgi?id=1175369 Signed-off-by: Gustavo Zacarias diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c index 0a77c8b..08cf0a6 100644 --- a/resolv/nss_dns/dns-network.c +++ b/resolv/nss_dns/dns-network.c @@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result, case BYNAME: { - char **ap = result->n_aliases++; - while (*ap != NULL) + char **ap; + for (ap = result->n_aliases; *ap != NULL; ++ap) { /* Check each alias name for being of the forms: 4.3.2.1.in-addr.arpa = net 1.2.3.4 -- 1.7.1