resolv: Move ns_name_unpack to its own file and into libc

Reformat to GNU style. Avoid out-of-bounds buffer arithmetic.
Eliminate the labellen function.

The symbol was moved using scripts/move-symbol-to-libc.py.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

4 files changed, 119 insertions, 83 deletions

diff --git a/resolv/Makefile b/resolv/Makefile
index bb16175654..469a9a55ae 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -33,6 +33,7 @@ routines := \
   inet_ntop \
   inet_pton \
   ns_name_ntop \
+  ns_name_unpack \
   nsap_addr \
   res-close \
   res-state \
diff --git a/resolv/Versions b/resolv/Versions
index 4bf1a13d48..9b5c4d9733 100644
--- a/resolv/Versions
+++ b/resolv/Versions
@@ -26,6 +26,7 @@ libc {
   }
   GLIBC_2.9 {
     ns_name_ntop;
+    ns_name_unpack;
   }
   GLIBC_2.34 {
 %if PTHREAD_IN_LIBC
@@ -35,6 +36,7 @@ libc {
     getaddrinfo_a;
 %endif
     ns_name_ntop;
+    ns_name_unpack;
   }
   GLIBC_PRIVATE {
 %if !PTHREAD_IN_LIBC
@@ -45,6 +47,7 @@ libc {
     __inet_pton_length;
     __res_iclose;
     __ns_name_ntop;
+    __ns_name_unpack;
     __resolv_context_get;
     __resolv_context_get_override;
     __resolv_context_get_preinit;
@@ -147,7 +150,6 @@ libresolv {
     ns_name_rollback;
     ns_name_skip;
     ns_name_uncompress;
-    ns_name_unpack;
     ns_parse_ttl;
     ns_parserr;
     ns_put16;
@@ -162,7 +164,6 @@ libresolv {
   GLIBC_PRIVATE {
     __ns_get16;
     __ns_get32;
-    __ns_name_unpack;
     __res_context_hostalias;
     __res_context_query;
     __res_context_search;
diff --git a/resolv/ns_name.c b/resolv/ns_name.c
index 4990003746..a0d541f110 100644
--- a/resolv/ns_name.c
+++ b/resolv/ns_name.c
@@ -218,87 +218,6 @@ ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz)
 }
 
 /*%
- *	Unpack a domain name from a message, source may be compressed.
- *
- * return:
- *\li	-1 if it fails, or consumed octets if it succeeds.
- */
-int
-ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src,
-	       u_char *dst, size_t dstsiz)
-{
-	const u_char *srcp, *dstlim;
-	u_char *dstp;
-	int n, len, checked, l;
-
-	len = -1;
-	checked = 0;
-	dstp = dst;
-	srcp = src;
-	dstlim = dst + dstsiz;
-	if (srcp < msg || srcp >= eom) {
-		__set_errno (EMSGSIZE);
-		return (-1);
-	}
-	/* Fetch next label in domain name. */
-	while ((n = *srcp++) != 0) {
-		/* Check for indirection. */
-		switch (n & NS_CMPRSFLGS) {
-		case 0:
-			/* Limit checks. */
-			if ((l = labellen(srcp - 1)) < 0) {
-				__set_errno (EMSGSIZE);
-				return(-1);
-			}
-			if (dstp + l + 1 >= dstlim || srcp + l >= eom) {
-				__set_errno (EMSGSIZE);
-				return (-1);
-			}
-			checked += l + 1;
-			*dstp++ = n;
-			memcpy(dstp, srcp, l);
-			dstp += l;
-			srcp += l;
-			break;
-
-		case NS_CMPRSFLGS:
-			if (srcp >= eom) {
-				__set_errno (EMSGSIZE);
-				return (-1);
-			}
-			if (len < 0)
-				len = srcp - src + 1;
-			srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff));
-			if (srcp < msg || srcp >= eom) {  /*%< Out of range. */
-				__set_errno (EMSGSIZE);
-				return (-1);
-			}
-			checked += 2;
-			/*
-			 * Check for loops in the compressed name;
-			 * if we've looked at the whole message,
-			 * there must be a loop.
-			 */
-			if (checked >= eom - msg) {
-				__set_errno (EMSGSIZE);
-				return (-1);
-			}
-			break;
-
-		default:
-			__set_errno (EMSGSIZE);
-			return (-1);			/*%< flag error */
-		}
-	}
-	*dstp = '\0';
-	if (len < 0)
-		len = srcp - src;
-	return (len);
-}
-libresolv_hidden_def (ns_name_unpack)
-strong_alias (ns_name_unpack, __ns_name_unpack)
-
-/*%
  *	Pack domain name 'domain' into 'comp_dn'.
  *
  * return:
diff --git a/resolv/ns_name_unpack.c b/resolv/ns_name_unpack.c
new file mode 100644
index 0000000000..1c1dd3ee8a
--- /dev/null
+++ b/resolv/ns_name_unpack.c
@@ -0,0 +1,115 @@
+/* De-compressing DNS domain names into binary-encoded uncompressed name.
+ * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1996,1999 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <arpa/nameser.h>
+#include <errno.h>
+#include <shlib-compat.h>
+#include <stddef.h>
+#include <string.h>
+
+/* Unpack a domain name from a message, source may be compressed.
+   Returns -1 if it fails, or consumed octets if it succeeds.  */
+int
+___ns_name_unpack (const unsigned char *msg, const unsigned char *eom,
+                   const unsigned char *src, unsigned char *dst, size_t dstsiz)
+{
+  const unsigned char *srcp, *dstlim;
+  unsigned char *dstp;
+  int n, len, checked;
+
+  len = -1;
+  checked = 0;
+  dstp = dst;
+  srcp = src;
+  dstlim = dst + dstsiz;
+  if (srcp < msg || srcp >= eom)
+    {
+      __set_errno (EMSGSIZE);
+      return -1;
+    }
+  /* Fetch next label in domain name.  */
+  while ((n = *srcp++) != 0)
+    {
+      /* Check for indirection.  */
+      switch (n & NS_CMPRSFLGS)
+        {
+        case 0:
+          /* Limit checks.  */
+          if (n >= 64)
+            {
+              __set_errno (EMSGSIZE);
+              return -1;
+            }
+          /* NB: n + 1 and >= to cover the *dstp = '\0' assignment
+             below.  */
+          if (n + 1 >= dstlim - dstp || n >= eom - srcp)
+            {
+              __set_errno (EMSGSIZE);
+              return -1;
+            }
+          checked += n + 1;
+          *dstp++ = n;
+          memcpy (dstp, srcp, n);
+          dstp += n;
+          srcp += n;
+          break;
+
+        case NS_CMPRSFLGS:
+          if (srcp >= eom)
+            {
+              __set_errno (EMSGSIZE);
+              return -1;
+            }
+          if (len < 0)
+            len = srcp - src + 1;
+          {
+            int target = ((n & 0x3f) << 8) | *srcp;
+            if (target >= eom - msg)
+              {
+              /* Out of range.  */
+                __set_errno (EMSGSIZE);
+                return -1;
+            }
+            srcp = msg + target;
+          }
+          checked += 2;
+          /* Check for loops in the compressed name; if we've looked
+             at the whole message, there must be a loop.  */
+          if (checked >= eom - msg)
+            {
+              __set_errno (EMSGSIZE);
+              return -1;
+            }
+          break;
+
+        default:
+          __set_errno (EMSGSIZE);
+          return -1;
+        }
+    }
+  *dstp = '\0';
+  if (len < 0)
+    len = srcp - src;
+  return len;
+}
+versioned_symbol (libc, ___ns_name_unpack, ns_name_unpack, GLIBC_2_34);
+versioned_symbol (libc, ___ns_name_unpack, __ns_name_unpack, GLIBC_PRIVATE);
+libc_hidden_ver (___ns_name_unpack, __ns_name_unpack)
+
+#if OTHER_SHLIB_COMPAT (libresolv, GLIBC_2_9, GLIBC_2_34)
+compat_symbol (libresolv, ___ns_name_unpack, ns_name_unpack, GLIBC_2_9);
+#endif