diff options
| author | Florian Weimer <fweimer@redhat.com> | 2021-07-19 07:55:27 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2021-07-19 07:56:13 +0200 |
| commit | cff2c78c513ef8d51e69a6933f1c6aef8a24a6d6 (patch) | |
| tree | c02340cf73c5d1a9ff330ef9e6e3766ddd09c0b7 /resolv | |
| parent | 248dbed1187038918d79f62cd9cf631f4150c2a0 (diff) | |
| download | glibc-cff2c78c513ef8d51e69a6933f1c6aef8a24a6d6.tar.gz glibc-cff2c78c513ef8d51e69a6933f1c6aef8a24a6d6.tar.xz glibc-cff2c78c513ef8d51e69a6933f1c6aef8a24a6d6.zip | |
resolv: Move ns_name_skip to its own file and into libc (bug 28091)
And reformat to GNU style. Avoid out-of-bounds pointer arithmetic. This also results in a fix of bug 28091 due to the additional packet length checks. The symbol was moved using scripts/move-symbol-to-libc.py. Reviewed-by: Carlos O'Donell <carlos@systemhalted.org>
Diffstat (limited to 'resolv')
| -rw-r--r-- | resolv/Makefile | 1 | ||||
| -rw-r--r-- | resolv/Versions | 5 | ||||
| -rw-r--r-- | resolv/ns_name.c | 37 | ||||
| -rw-r--r-- | resolv/ns_name_skip.c | 70 |
4 files changed, 75 insertions, 38 deletions
diff --git a/resolv/Makefile b/resolv/Makefile index 469a9a55ae..91ce46a3b9 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -33,6 +33,7 @@ routines := \ inet_ntop \ inet_pton \ ns_name_ntop \ + ns_name_skip \ ns_name_unpack \ nsap_addr \ res-close \ diff --git a/resolv/Versions b/resolv/Versions index 9b5c4d9733..b075881b24 100644 --- a/resolv/Versions +++ b/resolv/Versions @@ -26,6 +26,7 @@ libc { } GLIBC_2.9 { ns_name_ntop; + ns_name_skip; ns_name_unpack; } GLIBC_2.34 { @@ -36,6 +37,7 @@ libc { getaddrinfo_a; %endif ns_name_ntop; + ns_name_skip; ns_name_unpack; } GLIBC_PRIVATE { @@ -45,9 +47,10 @@ libc { __h_errno; __inet_aton_exact; __inet_pton_length; - __res_iclose; __ns_name_ntop; + __ns_name_skip; __ns_name_unpack; + __res_iclose; __resolv_context_get; __resolv_context_get_override; __resolv_context_get_preinit; diff --git a/resolv/ns_name.c b/resolv/ns_name.c index a0d541f110..58d6a60ce4 100644 --- a/resolv/ns_name.c +++ b/resolv/ns_name.c @@ -397,43 +397,6 @@ ns_name_rollback(const u_char *src, const u_char **dnptrs, } } -/*% - * Advance *ptrptr to skip over the compressed name it points at. - * - * return: - *\li 0 on success, -1 (with errno set) on failure. - */ -int -ns_name_skip(const u_char **ptrptr, const u_char *eom) -{ - const u_char *cp; - u_int n; - - cp = *ptrptr; - while (cp < eom && (n = *cp++) != 0) { - /* Check for indirection. */ - switch (n & NS_CMPRSFLGS) { - case 0: /*%< normal case, n == len */ - cp += n; - continue; - case NS_CMPRSFLGS: /*%< indirection */ - cp++; - break; - default: /*%< illegal type */ - __set_errno (EMSGSIZE); - return (-1); - } - break; - } - if (cp > eom) { - __set_errno (EMSGSIZE); - return (-1); - } - *ptrptr = cp; - return (0); -} -libresolv_hidden_def (ns_name_skip) - /* Private. */ /*% diff --git a/resolv/ns_name_skip.c b/resolv/ns_name_skip.c new file mode 100644 index 0000000000..c26d658a49 --- /dev/null +++ b/resolv/ns_name_skip.c @@ -0,0 +1,70 @@ +/* Skip over a (potentially compressed) domain name in wire format. + * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1996,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <arpa/nameser.h> +#include <errno.h> +#include <shlib-compat.h> + +/* Advances *PTRPTR to skip over the compressed name it points at. + Returns 0 on success, -1 (with errno set) on failure. */ +int +___ns_name_skip (const unsigned char **ptrptr, const unsigned char *eom) +{ + const unsigned char *cp; + unsigned int n; + + cp = *ptrptr; + while (cp < eom) + { + n = *cp++; + if (n == 0) + { + /* End of domain name without indirection. */ + *ptrptr = cp; + return 0; + } + + /* Check for indirection. */ + switch (n & NS_CMPRSFLGS) + { + case 0: /* Normal case, n == len. */ + if (eom - cp < n) + goto malformed; + cp += n; + break; + case NS_CMPRSFLGS: /* Indirection. */ + if (cp == eom) + /* No room for second indirection byte. */ + goto malformed; + *ptrptr = cp + 1; + return 0; + default: /* Illegal type. */ + goto malformed; + } + } + + malformed: + __set_errno (EMSGSIZE); + return -1; +} +versioned_symbol (libc, ___ns_name_skip, ns_name_skip, GLIBC_2_34); +versioned_symbol (libc, ___ns_name_skip, __ns_name_skip, GLIBC_PRIVATE); +libc_hidden_ver (___ns_name_skip, __ns_name_skip) + +#if OTHER_SHLIB_COMPAT (libresolv, GLIBC_2_9, GLIBC_2_34) +compat_symbol (libresolv, ___ns_name_skip, ns_name_skip, GLIBC_2_9); +#endif |