about summary refs log tree commit diff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2006-05-06 19:18:15 +0000
committerUlrich Drepper <drepper@redhat.com>2006-05-06 19:18:15 +0000
commitacb98cb57d3d84f7f9410746ba82581d445158e1 (patch)
tree1db153706c03a7672c564d8e1a057145686cb802
parentbce16467708a050e1c88a010f7dfb370013e5ea6 (diff)
downloadglibc-acb98cb57d3d84f7f9410746ba82581d445158e1.tar.gz
glibc-acb98cb57d3d84f7f9410746ba82581d445158e1.tar.xz
glibc-acb98cb57d3d84f7f9410746ba82581d445158e1.zip
[BZ #2499]
	* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Avoid
	possibly unaligned memory accesses.
-rw-r--r--ChangeLog4
-rw-r--r--resolv/nss_dns/dns-canon.c16
2 files changed, 13 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 983502f123..eec0c20fda 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2006-05-06  Ulrich Drepper  <drepper@redhat.com>
 
+	[BZ #2499]
+	* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Avoid
+	possibly unaligned memory accesses.
+
 	* include/arpa/nameser.h: Also optimize NS_PUT16 and NS_PUT32.
 	* resolv/res_mkquery.c: Use NS_PUT16 and NS_PUT32 instead of __putshort
 	and __putlong respectively.  Correct buffer overflow check for
diff --git a/resolv/nss_dns/dns-canon.c b/resolv/nss_dns/dns-canon.c
index 91708df51f..fca6cd8997 100644
--- a/resolv/nss_dns/dns-canon.c
+++ b/resolv/nss_dns/dns-canon.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@redhat.com>, 2004.
 
@@ -40,6 +40,10 @@ typedef union querybuf
 } querybuf;
 
 
+static const short int qtypes[] = { ns_t_a, ns_t_aaaa };
+#define nqtypes (sizeof (qtypes) / sizeof (qtypes[0]))
+
+
 enum nss_status
 _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen,
 			 char **result,int *errnop, int *h_errnop)
@@ -53,8 +57,6 @@ _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen,
     unsigned char *ptr;
   } ansp = { .ptr = buf };
   enum nss_status status = NSS_STATUS_UNAVAIL;
-  int qtypes[] = { ns_t_a, ns_t_aaaa };
-#define nqtypes (sizeof (qtypes) / sizeof (qtypes[0]))
 
   for (int i = 0; i < nqtypes; ++i)
     {
@@ -101,7 +103,8 @@ _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen,
 	      ptr += s;
 
 	      /* Check whether type and class match.  */
-	      unsigned int type = ntohs (*(uint16_t *) ptr);
+	      uint_fast16_t type;
+	      NS_GET16 (type, ptr);
 	      if (type == qtypes[i])
 		{
 		  /* We found the record.  */
@@ -130,15 +133,14 @@ _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen,
 	      if (type != ns_t_cname)
 		goto unavail;
 
-	      ptr += sizeof (uint16_t);
-	      if (*(uint16_t *) ptr != htons (ns_c_in))
+	      if (ns_get16 (ptr) != ns_c_in)
 		goto unavail;
 
 	      /* Also skip over the TTL.  */
 	      ptr += sizeof (uint16_t) + sizeof (uint32_t);
 
 	      /* Skip over the data length and data.  */
-	      ptr += sizeof (uint16_t) + ntohs (*(uint16_t *) ptr);
+	      ptr += sizeof (uint16_t) + ns_get16 (ptr);
 	    }
 	}
     }