diff options
author | Timo Teras <timo.teras@iki.fi> | 2010-05-07 17:19:20 +0300 |
---|---|---|
committer | Austin Foxley <austinf@cetoncorp.com> | 2010-05-07 08:34:21 -0700 |
commit | 7f16871e1d09f10e94192781ae6b317537742131 (patch) | |
tree | 3ff73e610b26808090e5a28b735ccca9e39fa1c4 | |
parent | 685a6f283e98657104b71a7d694c99f19e454afa (diff) |
resolv: various memory corruption and off by one fixes
Fixes resolution of names with AAAA entries and gethostbyaddr issues.
Signed-off-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: Austin Foxley <austinf@cetoncorp.com>
-rw-r--r-- | libc/inet/resolv.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c index 84289a619..320aec4f5 100644 --- a/libc/inet/resolv.c +++ b/libc/inet/resolv.c @@ -689,7 +689,7 @@ int attribute_hidden __decode_dotted(const unsigned char *packet, if (used + b + 1 >= dest_len) return -1; - if (offset + b + 1 >= packet_len) + if (offset + b >= packet_len) return -1; memcpy(dest + used, packet + offset, b); offset += b; @@ -2417,7 +2417,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, /* Layout in buf: * char *alias[ALIAS_DIM]; * struct in[6]_addr* addr_list[2]; - * struct in[6]_addr* in; + * struct in[6]_addr in; * char scratch_buffer[256+]; */ #define in6 ((struct in6_addr *)in) @@ -2431,9 +2431,13 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, #ifndef __UCLIBC_HAS_IPV6__ buf += sizeof(*in); buflen -= sizeof(*in); + if (addrlen > sizeof(*in)) + return ERANGE; #else buf += sizeof(*in6); buflen -= sizeof(*in6); + if (addrlen > sizeof(*in6)) + return ERANGE; #endif if ((ssize_t)buflen < 256) return ERANGE; @@ -2441,7 +2445,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, alias[1] = NULL; addr_list[0] = in; addr_list[1] = NULL; - memcpy(&in, addr, addrlen); + memcpy(in, addr, addrlen); if (0) /* nothing */; #ifdef __UCLIBC_HAS_IPV4__ @@ -2456,7 +2460,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, char *dst = buf; unsigned char *tp = (unsigned char *)addr + addrlen - 1; do { - dst += sprintf(dst, "%x.%x.", tp[i] & 0xf, tp[i] >> 4); + dst += sprintf(dst, "%x.%x.", tp[0] & 0xf, tp[0] >> 4); tp--; } while (tp >= (unsigned char *)addr); strcpy(dst, "ip6.arpa"); |