glibc/0032-hesiod-Avoid-heap-overflow-in-get_txt_records-BZ-200.patch

2016-05-02  Florian Weimer  <fweimer@redhat.com>

	[BZ #20031]
	* hesiod/hesiod.c (get_txt_records): Return error if TXT record is
	completely empty.

Index: glibc-2.23/hesiod/hesiod.c
===================================================================
--- glibc-2.23.orig/hesiod/hesiod.c
+++ glibc-2.23/hesiod/hesiod.c
@@ -411,7 +411,7 @@ get_txt_records(struct hesiod_p *ctx, in
 		cp += INT16SZ + INT32SZ;	/* skip the ttl, too */
 		rr.dlen = ns_get16(cp);
 		cp += INT16SZ;
-		if (cp + rr.dlen > eom) {
+		if (rr.dlen == 0 || cp + rr.dlen > eom) {
 			__set_errno(EMSGSIZE);
 			goto cleanup;
 		}