diff options
Diffstat (limited to 'resolv')
| -rw-r--r-- | resolv/Banner | 2 | ||||
| -rw-r--r-- | resolv/base64.c | 10 | ||||
| -rw-r--r-- | resolv/gethnamaddr.c | 44 | ||||
| -rw-r--r-- | resolv/inet_net_pton.c | 2 | ||||
| -rw-r--r-- | resolv/nss_dns/dns-host.c | 32 | ||||
| -rw-r--r-- | resolv/res_comp.c | 7 | ||||
| -rw-r--r-- | resolv/res_debug.c | 49 | ||||
| -rw-r--r-- | resolv/res_init.c | 2 | ||||
| -rw-r--r-- | resolv/res_send.c | 5 |
9 files changed, 104 insertions, 49 deletions
diff --git a/resolv/Banner b/resolv/Banner index d11ab500fb..a792533a9e 100644 --- a/resolv/Banner +++ b/resolv/Banner @@ -1 +1 @@ -BIND-4.9.5-P1 +BIND-4.9.6-T1A diff --git a/resolv/base64.c b/resolv/base64.c index 5d9eb6ec3d..4e7e2a06d5 100644 --- a/resolv/base64.c +++ b/resolv/base64.c @@ -281,7 +281,12 @@ b64_pton(src, target, targsize) case 2: /* Valid, means one byte of info */ /* Skip any number of spaces. */ +#ifdef _LIBC + /* To avoid warnings. */ for ( ; ch != '\0'; ch = *src++) +#else + for (NULL; ch != '\0'; ch = *src++) +#endif if (!isspace(ch)) break; /* Make sure there is another trailing = sign. */ @@ -296,7 +301,12 @@ b64_pton(src, target, targsize) * We know this char is an =. Is there anything but * whitespace after it? */ +#ifdef _LIBC + /* To avoid warnings. */ for ( ; ch != '\0'; ch = *src++) +#else + for (NULL; ch != '\0'; ch = *src++) +#endif if (!isspace(ch)) return (-1); diff --git a/resolv/gethnamaddr.c b/resolv/gethnamaddr.c index 114875b910..f2def79e24 100644 --- a/resolv/gethnamaddr.c +++ b/resolv/gethnamaddr.c @@ -212,6 +212,10 @@ getanswer(answer, anslen, qname, qtype) * (i.e., with the succeeding search-domain tacked on). */ n = strlen(bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) { + __set_h_errno (NO_RECOVERY); + return (NULL); + } host.h_name = bp; bp += n; buflen -= n; @@ -256,11 +260,15 @@ getanswer(answer, anslen, qname, qtype) /* Store alias. */ *ap++ = bp; n = strlen(bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) { + had_error++; + continue; + } bp += n; buflen -= n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > buflen || n >= MAXHOSTNAMELEN) { had_error++; continue; } @@ -272,14 +280,14 @@ getanswer(answer, anslen, qname, qtype) } if (qtype == T_PTR && type == T_CNAME) { n = dn_expand(answer->buf, eom, cp, tbuf, sizeof tbuf); - if ((n < 0) || !res_hnok(tbuf)) { + if (n < 0 || !res_hnok(tbuf)) { had_error++; continue; } cp += n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > buflen || n >= MAXHOSTNAMELEN) { had_error++; continue; } @@ -320,6 +328,10 @@ getanswer(answer, anslen, qname, qtype) n = -1; if (n != -1) { n = strlen(bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) { + had_error++; + break; + } bp += n; buflen -= n; } @@ -328,6 +340,10 @@ getanswer(answer, anslen, qname, qtype) host.h_name = bp; if (_res.options & RES_USE_INET6) { n = strlen(bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) { + had_error++; + break; + } bp += n; buflen -= n; map_v4v6_hostent(&host, &bp, &buflen); @@ -395,8 +411,8 @@ getanswer(answer, anslen, qname, qtype) # endif /*RESOLVSORT*/ if (!host.h_name) { n = strlen(qname) + 1; /* for the \0 */ - if (n > buflen) - goto try_again; + if (n > buflen || n >= MAXHOSTNAMELEN) + goto no_recovery; strcpy(bp, qname); host.h_name = bp; bp += n; @@ -407,8 +423,8 @@ getanswer(answer, anslen, qname, qtype) __set_h_errno (NETDB_SUCCESS); return (&host); } - try_again: - __set_h_errno (TRY_AGAIN); + no_recovery: + __set_h_errno (NO_RECOVERY); return (NULL); } @@ -508,13 +524,12 @@ gethostbyname2(name, af) if (!isdigit(*cp) && *cp != '.') break; } - if (isxdigit(name[0]) || name[0] == ':') + if ((isxdigit(name[0]) && strchr(name, ':') != NULL) || + name[0] == ':') for (cp = name;; ++cp) { if (!*cp) { if (*--cp == '.') break; - if (!strchr(name, ':')) - break; /* * All-IPv6-legal, no dot at the end. * Fake up a hostent as if we'd actually @@ -719,8 +734,7 @@ _gethtent() if (!(cp = strpbrk(p, " \t"))) goto again; *cp++ = '\0'; - if ((_res.options & RES_USE_INET6) && - inet_pton(AF_INET6, p, host_addr) > 0) { + if (inet_pton(AF_INET6, p, host_addr) > 0) { af = AF_INET6; len = IN6ADDRSZ; } else if (inet_pton(AF_INET, p, host_addr) > 0) { @@ -757,12 +771,6 @@ _gethtent() *cp++ = '\0'; } *q = NULL; - if (_res.options & RES_USE_INET6) { - char *bp = hostbuf; - int buflen = sizeof hostbuf; - - map_v4v6_hostent(&host, &bp, &buflen); - } __set_h_errno (NETDB_SUCCESS); return (&host); } diff --git a/resolv/inet_net_pton.c b/resolv/inet_net_pton.c index 0c2693136d..bf6fe02ed8 100644 --- a/resolv/inet_net_pton.c +++ b/resolv/inet_net_pton.c @@ -166,7 +166,7 @@ inet_net_pton_ipv4(src, dst, size) goto emsgsize; } - /* Fiery death and destruction unless we prefetched EOS. */ + /* Firey death and destruction unless we prefetched EOS. */ if (ch != '\0') goto enoent; diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index 65a668e664..19ca33e197 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -342,6 +342,11 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, * (i.e., with the succeeding search-domain tacked on). */ n = strlen (bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) + { + __set_h_errno (NO_RECOVERY); + return NSS_STATUS_TRYAGAIN; + } result->h_name = bp; bp += n; linebuflen -= n; @@ -396,11 +401,16 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, /* Store alias. */ *ap++ = bp; n = strlen (bp) + 1; /* For the \0. */ + if (n >= MAXHOSTNAMELEN) + { + ++had_error; + continue; + } bp += n; linebuflen -= n; /* Get canonical name. */ n = strlen (tbuf) + 1; /* For the \0. */ - if ((size_t) n > buflen) + if ((size_t) n > buflen || n >= MAXHOSTNAMELEN) { ++had_error; continue; @@ -423,7 +433,7 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, cp += n; /* Get canonical name. */ n = strlen (tbuf) + 1; /* For the \0. */ - if ((size_t) n > buflen) + if ((size_t) n > buflen || n >= MAXHOSTNAMELEN) { ++had_error; continue; @@ -469,6 +479,11 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, if (n != -1) { n = strlen (bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) + { + ++had_error; + break; + } bp += n; linebuflen -= n; } @@ -478,6 +493,11 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, if (_res.options & RES_USE_INET6) { n = strlen (bp) + 1; /* for the \0 */ + if (n >= MAXHOSTNAMELEN) + { + ++had_error; + break; + } bp += n; linebuflen -= n; map_v4v6_hostent (result, &bp, &linebuflen); @@ -549,8 +569,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, if (result->h_name == NULL) { n = strlen (qname) + 1; /* For the \0. */ - if (n > linebuflen) - goto try_again; + if (n > linebuflen || n >= MAXHOSTNAMELEN) + goto no_recovery; strcpy (bp, qname); /* Cannot overflow. */ result->h_name = bp; bp += n; @@ -562,7 +582,7 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, *h_errnop = NETDB_SUCCESS; return NSS_STATUS_SUCCESS; } -try_again: - *h_errnop = TRY_AGAIN; + no_recovery: + *h_errnop = NO_RECOVERY; return NSS_STATUS_TRYAGAIN; } diff --git a/resolv/res_comp.c b/resolv/res_comp.c index a9ca69e55f..ed4bcdc58f 100644 --- a/resolv/res_comp.c +++ b/resolv/res_comp.c @@ -94,7 +94,7 @@ dn_expand(msg, eomorig, comp_dn, exp_dn, length) register char *dn; register int n, c; char *eom; - int len = -1, checked = 0; + int len = -1, checked = 0, octets = 0; dn = exp_dn; cp = comp_dn; @@ -108,6 +108,9 @@ dn_expand(msg, eomorig, comp_dn, exp_dn, length) */ switch (n & INDIR_MASK) { case 0: + octets += (n + 1); + if (octets > MAXCDNAME) + return (-1); if (dn != exp_dn) { if (dn >= eom) return (-1); @@ -179,6 +182,8 @@ dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr) dn = (u_char *)exp_dn; cp = comp_dn; + if (length > MAXCDNAME) + length = MAXCDNAME; eob = cp + length; lpp = cpp = NULL; if (dnptrs != NULL) { diff --git a/resolv/res_debug.c b/resolv/res_debug.c index fa2ca80c34..3afe8c23a8 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -1146,40 +1146,47 @@ static u_int8_t precsize_aton(strptr) char **strptr; { - unsigned int mval = 0, cmval = 0; u_int8_t retval = 0; - register char *cp; - register int exponent; - register int mantissa; + char *cp; + int exponent = 0; + int mantissa = 0; cp = *strptr; + while (isdigit(*cp)) { + if (mantissa == 0) + mantissa = *cp - '0'; + else + exponent++; + cp++; + } - while (isdigit(*cp)) - mval = mval * 10 + (*cp++ - '0'); - - if (*cp == '.') { /* centimeters */ + if (*cp == '.') { cp++; if (isdigit(*cp)) { - cmval = (*cp++ - '0') * 10; + if (mantissa == 0) + mantissa = *cp - '0'; + else + exponent++; + cp++; + if (isdigit(*cp)) { - cmval += (*cp++ - '0'); + if (mantissa == 0) + mantissa = *cp - '0'; + else + exponent++; + cp++; } + else + exponent++; } } - cmval = (mval * 100) + cmval; - - for (exponent = 0; exponent < 9; exponent++) - if (cmval < poweroften[exponent+1]) - break; - - mantissa = cmval / poweroften[exponent]; - if (mantissa > 9) - mantissa = 9; + else + exponent += 2; + if (mantissa == 0) + exponent = 0; retval = (mantissa << 4) | exponent; - *strptr = cp; - return (retval); } diff --git a/resolv/res_init.c b/resolv/res_init.c index 91f9f40094..755b88d466 100644 --- a/resolv/res_init.c +++ b/resolv/res_init.c @@ -159,7 +159,7 @@ res_init() register FILE *fp; register char *cp, **pp; register int n; - char buf[BUFSIZ]; + char buf[MAXDNAME]; int nserv = 0; /* number of nameserver records read from file */ int haveenv = 0; int havesearch = 0; diff --git a/resolv/res_send.c b/resolv/res_send.c index 60d8ef2fb9..cde6a845d5 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -601,6 +601,11 @@ read_len: if ((long) timeout.tv_sec <= 0) timeout.tv_sec = 1; timeout.tv_usec = 0; + if (s+1 > FD_SETSIZE) { + Perror(stderr, "s+1 > FD_SETSIZE", EMFILE); + res_close(); + goto next_ns; + } wait: FD_ZERO(&dsmask); FD_SET(s, &dsmask); |