authorUlrich Drepper <drepper@redhat.com>1998-05-29 10:21:16 +0000
committerUlrich Drepper <drepper@redhat.com>1998-05-29 10:21:16 +0000
commit66715f834cb1f2f5c3742e94f73bd630ea4b14eb (patch)
treeddf10eb9dab578cbe895b7bf351584d47f64a2fc /resolv/gethnamaddr.c
parentf962d792472c45c9bccdc6b0697ad3d6350e9270 (diff)
Update.
1998-05-28 00:53  Zack Weinberg  <zack@rabi.phys.columbia.edu>

	* glibcbug.in: Send to bugs@gnu or libc-alpha@cygnus depending
	on whether this is a stable release or not (keeps snapshot bug
	reports out of the database).

	* include/libc-symbols.h: Use __ASSEMBLER__ test macro not ASSEMBLER.
	* sysdeps/arm/sysdep.h: Likewise.
	* sysdeps/i386/sysdep.h: Likewise.
	* sysdeps/m68k/sysdep.h: Likewise.
	* sysdeps/mach/mips/sysdep.h: Likewise.
	* sysdeps/mach/sys/reboot.h: Likewise.
	* sysdeps/mach/sysdep.h: Likewise.
	* sysdeps/unix/alpha/sysdep.h: Likewise.
	* sysdeps/unix/bsd/hp/m68k/sysdep.h: Likewise.
	* sysdeps/unix/bsd/osf/alpha/sysdep.h: Likewise.
	* sysdeps/unix/bsd/sequent/i386/sysdep.h: Likewise.
	* sysdeps/unix/bsd/sony/newsos/m68k/sysdep.h: Likewise.
	* sysdeps/unix/bsd/sun/m68k/sysdep.h: Likewise.
	* sysdeps/unix/bsd/vax/sysdep.h: Likewise.
	* sysdeps/unix/i386/sysdep.h: Likewise.
	* sysdeps/unix/mips/sysdep.h: Likewise.
	* sysdeps/unix/sparc/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/alpha/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/arm/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/i386/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/m68k/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/sysdep.h: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/sysdep.h: Likewise.
	* sysdeps/unix/sysv/sysv4/solaris2/sparc/sysdep.h: Likewise.

1998-05-27  Mark Kettenis  <kettenis@phys.uva.nl>

	* mach/Machrules: Use $(move-if-change).

1998-05-27  Mark Kettenis  <kettenis@phys.uva.nl>

	* Makeconfig [elf=yes] (+interp): New variable, set to interp.os.
	* Makerules (lib%.so): Depend on $(+interp).
	(libc.so): Add interp.os to list of dependencies.
	(interp-obj): Remove variable.
	* mach/Machrules (+interp): Define to empty since libhurduser and
	libmachuser don't need to have the interpreter set.

1998-05-28  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* resolv/res_send.c: Security fixes from bind 4.9.7-REL.

	* resolv/gethnamaddr.c: Likewise.

	* resolv/res_comp.c: Likewise.

1998-05-28  Mark Kettenis  <kettenis@phys.uva.nl>

	* sysdeps/mach/hurd/wait4.c (__wait4): Use ANSI-style definition
	so that transparent union works.
Diffstat (limited to 'resolv/gethnamaddr.c')
-rw-r--r--resolv/gethnamaddr.c44
1 files changed, 41 insertions, 3 deletions
diff --git a/resolv/gethnamaddr.c b/resolv/gethnamaddr.c
index 4c8180fca8..3272dbd591 100644
--- a/resolv/gethnamaddr.c
+++ b/resolv/gethnamaddr.c
@@ -160,6 +160,24 @@ dprintf(msg, num)
 # define dprintf(msg, num) /*nada*/
 #endif
 
+#define BOUNDED_INCR(x) \
+	do { \
+		cp += x; \
+		if (cp > eom) { \
+			__set_h_errno (NO_RECOVERY); \
+			return (NULL); \
+		} \
+	} while (0)
+
+#define BOUNDS_CHECK(ptr, count) \
+	do { \
+		if ((ptr) + (count) > eom) { \
+			__set_h_errno (NO_RECOVERY); \
+			return (NULL); \
+		} \
+	} while (0)
+
+
 static struct hostent *
 getanswer(answer, anslen, qname, qtype)
 	const querybuf *answer;
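Review bot: Both new macros build the advanced pointer before comparing it with `eom` (`cp += x` in BOUNDED_INCR, `(ptr) + (count)` in BOUNDS_CHECK). Pointer arithmetic beyond one past the end of the answer buffer is undefined, so the comparison is not a dependable guard when the count comes from the packet. Comparing the count with the space that remains avoids forming that pointer: `if ((count) < 0 || (count) > eom - (ptr))` in BOUNDS_CHECK, and in BOUNDED_INCR test `(x) > eom - cp` first and only then do `cp += (x);`, which also parenthesizes `x`. A comment above the macros should say that they depend on the caller's locals `cp` and `eom` and return NULL from the enclosing function, since that hidden return is easy to miss at the call sites. getanswer's body continues outside this hunk.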
@@ -170,7 +188,7 @@ getanswer(answer, anslen, qname, qtype)
 	register const HEADER *hp;
 	register const u_char *cp;
 	register int n;
-	const u_char *eom;
+	const u_char *eom, *erdata;
 	char *bp, **ap, **hap;
 	int type, class, buflen, ancount, qdcount;
 	int haveanswer, had_error;
@@ -201,7 +219,8 @@ getanswer(answer, anslen, qname, qtype)
 	qdcount = ntohs(hp->qdcount);
 	bp = hostbuf;
 	buflen = sizeof hostbuf;
-	cp = answer->buf + HFIXEDSZ;
+	cp = answer->buf;
+	BOUNDED_INCR(HFIXEDSZ);
 	if (qdcount != 1) {
 		__set_h_errno (NO_RECOVERY);
 		return (NULL);
@@ -211,7 +230,7 @@ getanswer(answer, anslen, qname, qtype)
 		__set_h_errno (NO_RECOVERY);
 		return (NULL);
 	}
-	cp += n + QFIXEDSZ;
+	BOUNDED_INCR(n + QFIXEDSZ);
 	if (qtype == T_A || qtype == T_AAAA) {
 		/* res_send() has already verified that the query name is the
 		 * same as the one we sent; this just gets the expanded name
@@ -243,12 +262,15 @@ getanswer(answer, anslen, qname, qtype)
 			continue;
 		}
 		cp += n;			/* name */
+		BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ);
 		type = _getshort(cp);
  		cp += INT16SZ;			/* type */
 		class = _getshort(cp);
  		cp += INT16SZ + INT32SZ;	/* class, TTL */
 		n = _getshort(cp);
 		cp += INT16SZ;			/* len */
+		BOUNDS_CHECK(cp, n);
+		erdata = cp + n;
 		if (class != C_IN) {
 			/* XXX - debug? syslog? */
 			cp += n;
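Review bot: `erdata` is assigned here with no comment saying what it marks, and its only uses are in later hunks, so a reader of this loop cannot tell why it exists. I would write `erdata = cp + n;	/* end of this record's RDATA; each handler must stop exactly here */`. The constant in `BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ)` also deserves a short comment that it covers type, class, TTL and RDLENGTH, the four fields read by the lines that follow. The loop body starts and ends outside this hunk.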
@@ -263,6 +285,10 @@ getanswer(answer, anslen, qname, qtype)
 				continue;
 			}
 			cp += n;
+			if (cp != erdata) {
+				__set_h_errno (NO_RECOVERY);
+				return (NULL);
+			}
 			/* Store alias. */
 			*ap++ = bp;
 			n = strlen(bp) + 1;	/* for the \0 */
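Review bot: The four-line `cp != erdata` rejection added after `cp += n;` here is pasted again in the hunks at -291, -326 and -397. Any later change to the error path has to be made four times, and a new record type can silently omit it. Since this commit already adds BOUNDED_INCR and BOUNDS_CHECK for exactly this purpose, a third macro in the same style would keep the RDATA-length rule in one place. In the -397 hunk the check follows `bp += n; buflen -= n; cp += n;`. If `n` still holds RDLENGTH at that point, which the hunk does not show, the test cannot fail there and a comment should say it is kept only for symmetry.

```c
/* Reject the reply unless the handler consumed exactly RDLENGTH bytes. */
#define RDATA_CONSUMED_CHECK() \
	do { \
		if (cp != erdata) { \
			__set_h_errno (NO_RECOVERY); \
			return (NULL); \
		} \
	} while (0)

			cp += n;
			RDATA_CONSUMED_CHECK();
			/* … unchanged: store alias … */
```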
@@ -291,6 +317,10 @@ getanswer(answer, anslen, qname, qtype)
 				continue;
 			}
 			cp += n;
+			if (cp != erdata) {
+				__set_h_errno (NO_RECOVERY);
+				return (NULL);
+			}
 			/* Get canonical name. */
 			n = strlen(tbuf) + 1;	/* for the \0 */
 			if (n > buflen || n >= MAXHOSTNAMELEN) {
@@ -326,6 +356,10 @@ getanswer(answer, anslen, qname, qtype)
 			}
 #if MULTI_PTRS_ARE_ALIASES
 			cp += n;
+			if (cp != erdata) {
+				__set_h_errno (NO_RECOVERY);
+				return (NULL);
+			}
 			if (!haveanswer)
 				host.h_name = bp;
 			else if (ap < &host_aliases[MAXALIASES-1])
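Review bot: The added `cp != erdata` check sits inside `#if MULTI_PTRS_ARE_ALIASES`, next to the `cp += n;` it validates, so a build with that macro off gets no RDATA-length validation on this path. That is only safe if the `#else` branch, which is outside this hunk, stops parsing the reply once the name is stored. Please confirm this. If the other branch can continue the loop, it needs the same `cp += n;` followed by the `cp != erdata` rejection. Either way, a one-line comment at the `#if` stating which branch validates the record length would prevent the two from drifting apart.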
@@ -397,6 +431,10 @@ getanswer(answer, anslen, qname, qtype)
 			bp += n;
 			buflen -= n;
 			cp += n;
+			if (cp != erdata) {
+				__set_h_errno (NO_RECOVERY);
+				return (NULL);
+			}
 			break;
 		default:
 			abort();