From 48d8f5a51d5dfe58ac6d205fa7430f364225fab2 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Wed, 13 Sep 2023 14:31:39 +0800
Subject: glibc: Fix CVE-2023-4527

---
 chapter08/glibc.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index 3932a2147..c648fe129 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -55,6 +55,18 @@
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-memalign-patch;</userinput></screen>
 
+    <!-- CVE-2023-4527
+         https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+         https://sourceware.org/ml/libc-alpha/2023-September/151522.html -->
+    <para>Then fix a security vulnerability exploitable when the
+    <option>no-aaaa</option> option is used in
+    <filename>/etc/resolv.conf</filename>:</para>
+
+<screen><userinput remap="pre">sed \
+  -E "/__res_context_search/\
+      {N;N;s/(search \(([^,]*,){6}[^,]*)NULL/\1\&amp;alt_dns_packet_buffer/}" \
+  -i resolv/nss_dns/dns-host.c</userinput></screen>
+
     <para>The Glibc documentation recommends building Glibc
     in a dedicated build directory:</para>
 
-- 
cgit v1.2.3-54-g00ecf