summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teras <timo.teras@iki.fi>2010-05-07 17:19:20 +0300
committerAustin Foxley <austinf@cetoncorp.com>2010-05-07 08:34:21 -0700
commit7f16871e1d09f10e94192781ae6b317537742131 (patch)
tree3ff73e610b26808090e5a28b735ccca9e39fa1c4
parent685a6f283e98657104b71a7d694c99f19e454afa (diff)
resolv: various memory corruption and off by one fixes
Fixes resolution of names with AAAA entries and gethostbyaddr issues. Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: Austin Foxley <austinf@cetoncorp.com>
-rw-r--r--libc/inet/resolv.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c
index 84289a619..320aec4f5 100644
--- a/libc/inet/resolv.c
+++ b/libc/inet/resolv.c
@@ -689,7 +689,7 @@ int attribute_hidden __decode_dotted(const unsigned char *packet,
if (used + b + 1 >= dest_len)
return -1;
- if (offset + b + 1 >= packet_len)
+ if (offset + b >= packet_len)
return -1;
memcpy(dest + used, packet + offset, b);
offset += b;
@@ -2417,7 +2417,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen,
/* Layout in buf:
* char *alias[ALIAS_DIM];
* struct in[6]_addr* addr_list[2];
- * struct in[6]_addr* in;
+ * struct in[6]_addr in;
* char scratch_buffer[256+];
*/
#define in6 ((struct in6_addr *)in)
@@ -2431,9 +2431,13 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen,
#ifndef __UCLIBC_HAS_IPV6__
buf += sizeof(*in);
buflen -= sizeof(*in);
+ if (addrlen > sizeof(*in))
+ return ERANGE;
#else
buf += sizeof(*in6);
buflen -= sizeof(*in6);
+ if (addrlen > sizeof(*in6))
+ return ERANGE;
#endif
if ((ssize_t)buflen < 256)
return ERANGE;
@@ -2441,7 +2445,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen,
alias[1] = NULL;
addr_list[0] = in;
addr_list[1] = NULL;
- memcpy(&in, addr, addrlen);
+ memcpy(in, addr, addrlen);
if (0) /* nothing */;
#ifdef __UCLIBC_HAS_IPV4__
@@ -2456,7 +2460,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen,
char *dst = buf;
unsigned char *tp = (unsigned char *)addr + addrlen - 1;
do {
- dst += sprintf(dst, "%x.%x.", tp[i] & 0xf, tp[i] >> 4);
+ dst += sprintf(dst, "%x.%x.", tp[0] & 0xf, tp[0] >> 4);
tp--;
} while (tp >= (unsigned char *)addr);
strcpy(dst, "ip6.arpa");