From Alt Linux: glibc-2.5-owl-alt-resolv-QFIXEDSZ-underfills.patch

From Owl Linux glibc.spec:
Avoid some potential reads beyond end of undersized DNS responses by
making sure they're at least HFIXEDSZ+QFIXEDSZ in size; pointed out by
Dmitry V. Levin of ALT Linux.

diff -Naur glibc-2.8-20080929.orig/resolv/res_send.c glibc-2.8-20080929/resolv/res_send.c
--- glibc-2.8-20080929.orig/resolv/res_send.c	2007-08-22 04:02:38.000000000 +0000
+++ glibc-2.8-20080929/resolv/res_send.c	2008-10-16 23:32:11.000000000 +0000
@@ -742,7 +742,9 @@
 		}
 	} else
 		len = resplen;
-	if (len < HFIXEDSZ) {
+	if (len < HFIXEDSZ ||
+	    (len < HFIXEDSZ + QFIXEDSZ &&
+	    anssiz >= HFIXEDSZ + QFIXEDSZ)) {
 		/*
 		 * Undersized message.
 		 */
@@ -955,7 +957,9 @@
 			goto err_out;
 		}
 		*gotsomewhere = 1;
-		if (resplen < HFIXEDSZ) {
+		if (resplen < HFIXEDSZ ||
+		    (resplen < HFIXEDSZ + QFIXEDSZ &&
+		    anssiz >= HFIXEDSZ + QFIXEDSZ)) {
 			/*
 			 * Undersized message.
 			 */