Based on:

upstream https://sourceware.org/git/?p=glibc.git;a=patch;h=2959eda9272a03386 

From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
From: Arjun Shankar <arjun.is@lostca.se>
Date: Tue, 21 Apr 2015 14:06:31 +0200
Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
 [BZ#18287]

diff -Naur a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
--- a/resolv/nss_dns/dns-host.c	2017-08-21 18:36:45.558999856 +0530
+++ b/resolv/nss_dns/dns-host.c	2017-08-21 19:17:51.738740547 +0530
@@ -606,7 +606,8 @@
   int have_to_map = 0;
   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
   buffer += pad;
-  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
+  buflen = buflen > pad ? buflen - pad : 0;
+  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
     {
       /* The buffer is too small.  */
     too_small: