Diffstat (limited to 'resolv')
-rw-r--r--resolv/Makefile4
-rw-r--r--resolv/inet_ntop.c2
-rw-r--r--resolv/nss_dns/dns-host.c15
-rw-r--r--resolv/nss_dns/dns-network.c43
-rw-r--r--resolv/tst-inet_ntop.c111
5 files changed, 153 insertions, 22 deletions
diff --git a/resolv/Makefile b/resolv/Makefile
index f6230da8fb..6ac226735a 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 1994,1995,1996,1997,1998,1999,2000,2001,2003,2004
+# Copyright (C) 1994,1995,1996,1997,1998,1999,2000,2001,2003,2004,2007
# Free Software Foundation, Inc.
# This file is part of the GNU C Library.
@@ -32,7 +32,7 @@ distribute := ../conf/portability.h mapv4v6addr.h mapv4v6hostent.h \
routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
res_hconf res_libc res-state
-tests = tst-aton tst-leaks
+tests = tst-aton tst-leaks tst-inet_ntop
xtests = tst-leaks2
generate := mtrace-tst-leaks tst-leaks.mtrace tst-leaks2.mtrace
diff --git a/resolv/inet_ntop.c b/resolv/inet_ntop.c
index e5553a1d3b..1222d08bda 100644
--- a/resolv/inet_ntop.c
+++ b/resolv/inet_ntop.c
@@ -96,7 +96,7 @@ inet_ntop4(src, dst, size)
static const char fmt[] = "%u.%u.%u.%u";
char tmp[sizeof "255.255.255.255"];
- if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) > size) {
+ if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) >= size) {
__set_errno (ENOSPC);
return (NULL);
}
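Review bot: The changed comparison in inet_ntop4 has no comment explaining why equality must be rejected, and a one-character boundary fix like this is easy to undo in a later cleanup. SPRINTF returns the formatted length without the terminating NUL, so a `size` equal to that length leaves no room for the terminator; I would add `/* SPRINTF's result excludes the NUL, so size must be strictly larger. */` above the `if`. The result is an `int` compared against `size`, whose type is not visible in this old-style definition, so it is worth confirming the signed/unsigned conversion is intended. The function body continues outside the hunk.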
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index 7045c5915b..cf060be8ef 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-2003, 2004 Free Software Foundation, Inc.
+/* Copyright (C) 1996-2003, 2004, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -465,8 +465,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
char *aliases[MAX_NR_ALIASES];
unsigned char host_addr[16]; /* IPv4 or IPv6 */
char *h_addr_ptrs[0];
- } *host_data = (struct host_data *) buffer;
- int linebuflen = buflen - sizeof (struct host_data);
+ } *host_data;
+ int linebuflen;
register const HEADER *hp;
const u_char *end_of_message, *cp;
int n, ancount, qdcount;
@@ -478,8 +478,9 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
u_char packtmp[NS_MAXCDNAME];
int have_to_map = 0;
int32_t ttl = 0;
-
- if (__builtin_expect (linebuflen, 0) < 0)
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+ if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
{
/* The buffer is too small. */
too_small:
@@ -487,6 +488,10 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
*h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN;
}
+ host_data = (struct host_data *) buffer;
+ linebuflen = buflen - sizeof (struct host_data);
+ if (buflen - sizeof (struct host_data) != linebuflen)
+ linebuflen = INT_MAX;
tname = qname;
result->h_name = NULL;
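Review bot: `linebuflen` is computed from `buflen` without subtracting the `pad` bytes that the preceding hunk skipped with `buffer += pad`, so the line buffer is treated as up to `__alignof__ (struct host_data) - 1` bytes longer than what actually remains of the caller's buffer. The dns-network.c change in this same commit does `buflen -= pad;` after its size check, and no equivalent line is visible here. Adding `buflen -= pad;` just before `host_data = (struct host_data *) buffer;` would keep later length-bounded writes inside the buffer. getanswer_r continues outside the hunk, so any further uses of `buflen` below should be checked against the same adjustment.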
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 97d9263895..4552b5b678 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004
+/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004, 2007
Free Software Foundation, Inc.
This file is part of the GNU C Library.
Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -102,7 +102,8 @@ extern int __ns_name_unpack (const u_char *, const u_char *,
/* Prototypes for local functions. */
static enum nss_status getanswer_r (const querybuf *answer, int anslen,
struct netent *result, char *buffer,
- size_t buflen, lookup_method net_i);
+ size_t buflen, int *errnop, int *h_errnop,
+ lookup_method net_i);
enum nss_status
@@ -142,7 +143,8 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result,
? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
}
- status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYNAME);
+ status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
+ errnop, herrnop, BYNAME);
if (net_buffer.buf != orig_net_buffer)
free (net_buffer.buf);
return status;
@@ -218,7 +220,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result,
? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
}
- status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYADDR);
+ status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
+ errnop, herrnop, BYADDR);
if (net_buffer.buf != orig_net_buffer)
free (net_buffer.buf);
if (status == NSS_STATUS_SUCCESS)
@@ -240,7 +243,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result,
static enum nss_status
getanswer_r (const querybuf *answer, int anslen, struct netent *result,
- char *buffer, size_t buflen, lookup_method net_i)
+ char *buffer, size_t buflen, int *errnop, int *h_errnop,
+ lookup_method net_i)
{
/*
* Find first satisfactory answer
@@ -260,8 +264,25 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
{
char *aliases[MAX_NR_ALIASES];
char linebuffer[0];
- } *net_data = (struct net_data *) buffer;
+ } *net_data;
+
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct net_data);
+ buffer += pad;
+
+ if (__builtin_expect (buflen < sizeof (*net_data) + pad, 0))
+ {
+ /* The buffer is too small. */
+ too_small:
+ *errnop = ERANGE;
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_TRYAGAIN;
+ }
+ buflen -= pad;
+
+ net_data = (struct net_data *) buffer;
int linebuflen = buflen - offsetof (struct net_data, linebuffer);
+ if (buflen - offsetof (struct net_data, linebuffer) != linebuflen)
+ linebuflen = INT_MAX;
const unsigned char *end_of_message = &answer->buf[anslen];
const HEADER *header_pointer = &answer->hdr;
/* #/records in the answer section. */
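Review bot: The expression `-(uintptr_t) buffer % __alignof__ (struct net_data)` carries no comment, and its reliance on unsigned negation to yield the distance to the next aligned address is not obvious to a reader auditing the bounds logic. I would add `/* Bytes to skip so that buffer is suitably aligned for struct net_data. */` above it, and `/* The space lost to alignment is no longer available for results. */` above `buflen -= pad;`. Note also that `buffer += pad` runs before the size check, so for a `buflen` smaller than `pad` the pointer is advanced past the caller's buffer before being rejected; moving the increment below the `too_small` block would avoid forming that pointer. The function body continues outside the hunk.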
@@ -319,10 +340,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{
if (errno == EMSGSIZE)
- {
- errno = ERANGE;
- return NSS_STATUS_TRYAGAIN;
- }
+ goto too_small;
n = -1;
}
@@ -346,10 +364,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{
if (errno == EMSGSIZE)
- {
- errno = ERANGE;
- return NSS_STATUS_TRYAGAIN;
- }
+ goto too_small;
n = -1;
}
diff --git a/resolv/tst-inet_ntop.c b/resolv/tst-inet_ntop.c
new file mode 100644
index 0000000000..a042c74c91
--- /dev/null
+++ b/resolv/tst-inet_ntop.c
@@ -0,0 +1,111 @@
+#include <arpa/inet.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <stdio.h>
+#include <string.h>
+
+int
+main (void)
+{
+ struct in_addr addr4;
+ struct in6_addr addr6;
+ char buf[64];
+ int result = 0;
+
+ addr4.s_addr = 0xe0e0e0e0;
+ addr6.s6_addr16[0] = 0;
+ addr6.s6_addr16[1] = 0;
+ addr6.s6_addr16[2] = 0;
+ addr6.s6_addr16[3] = 0;
+ addr6.s6_addr16[4] = 0;
+ addr6.s6_addr16[5] = 0xffff;
+ addr6.s6_addr32[3] = 0xe0e0e0e0;
+ memset (buf, 'x', sizeof buf);
+
+ if (inet_ntop (AF_INET, &addr4, buf, 15) != NULL)
+ {
+ puts ("1st inet_ntop returned non-NULL");
+ result++;
+ }
+ else if (errno != ENOSPC)
+ {
+ puts ("1st inet_ntop didn't fail with ENOSPC");
+ result++;
+ }
+ if (buf[15] != 'x')
+ {
+ puts ("1st inet_ntop wrote past the end of buffer");
+ result++;
+ }
+
+ if (inet_ntop (AF_INET, &addr4, buf, 16) != buf)
+ {
+ puts ("2nd inet_ntop did not return buf");
+ result++;
+ }
+ if (memcmp (buf, "224.224.224.224\0" "xxxxxxxx", 24) != 0)
+ {
+ puts ("2nd inet_ntop wrote past the end of buffer");
+ result++;
+ }
+
+ if (inet_ntop (AF_INET6, &addr6, buf, 22) != NULL)
+ {
+ puts ("3rd inet_ntop returned non-NULL");
+ result++;
+ }
+ else if (errno != ENOSPC)
+ {
+ puts ("3rd inet_ntop didn't fail with ENOSPC");
+ result++;
+ }
+ if (buf[22] != 'x')
+ {
+ puts ("3rd inet_ntop wrote past the end of buffer");
+ result++;
+ }
+
+ if (inet_ntop (AF_INET6, &addr6, buf, 23) != buf)
+ {
+ puts ("4th inet_ntop did not return buf");
+ result++;
+ }
+ if (memcmp (buf, "::ffff:224.224.224.224\0" "xxxxxxxx", 31) != 0)
+ {
+ puts ("4th inet_ntop wrote past the end of buffer");
+ result++;
+ }
+
+ memset (&addr6.s6_addr, 0xe0, sizeof (addr6.s6_addr));
+
+ if (inet_ntop (AF_INET6, &addr6, buf, 39) != NULL)
+ {
+ puts ("5th inet_ntop returned non-NULL");
+ result++;
+ }
+ else if (errno != ENOSPC)
+ {
+ puts ("5th inet_ntop didn't fail with ENOSPC");
+ result++;
+ }
+ if (buf[39] != 'x')
+ {
+ puts ("5th inet_ntop wrote past the end of buffer");
+ result++;
+ }
+
+ if (inet_ntop (AF_INET6, &addr6, buf, 40) != buf)
+ {
+ puts ("6th inet_ntop did not return buf");
+ result++;
+ }
+ if (memcmp (buf, "e0e0:e0e0:e0e0:e0e0:e0e0:e0e0:e0e0:e0e0\0"
+ "xxxxxxxx", 48) != 0)
+ {
+ puts ("6th inet_ntop wrote past the end of buffer");
+ result++;
+ }
+
+
+ return result;
+}
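Review bot: The `memcmp` checks after the 2nd, 4th and 6th calls print "wrote past the end of buffer" for any mismatch, including a wrongly formatted address, which would misdirect whoever debugs a failure. Splitting each into a text check such as `if (strcmp (buf, "224.224.224.224") != 0)` with its own message, followed by a separate check of the trailing `'x'` bytes, would make the diagnostics precise. A short comment above each pair of calls saying that the first size is one byte too small for the terminating NUL and the second is exactly large enough would document why 15/16, 22/23 and 39/40 were chosen.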