summary refs log tree commit diff
path: root/resolv
diff options
context:
space:
mode:
Diffstat (limited to 'resolv')
-rw-r--r--resolv/nss_dns/dns-host.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index a75e9dfd83..7b82486803 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -387,10 +387,9 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
   {
     char *aliases[MAX_NR_ALIASES];
     unsigned char host_addr[16];	/* IPv4 or IPv6 */
-    char *h_addr_ptrs[MAX_NR_ADDRS + 1];
-    char linebuffer[0];
+    char *h_addr_ptrs[0];
   } *host_data = (struct host_data *) buffer;
-  int linebuflen = buflen - offsetof (struct host_data, linebuffer);
+  int linebuflen = buflen - sizeof (struct host_data);
   register const HEADER *hp;
   const u_char *end_of_message, *cp;
   int n, ancount, qdcount;
@@ -432,7 +431,6 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
    * find first satisfactory answer
    */
   hp = &answer->hdr;
-  bp = host_data->linebuffer;
   ancount = ntohs (hp->ancount);
   qdcount = ntohs (hp->qdcount);
   cp = answer->buf + HFIXEDSZ;
@@ -442,6 +440,10 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
       *errnop = ENOENT;
       return NSS_STATUS_UNAVAIL;
     }
+  if (sizeof (struct host_data) + (ancount + 1) * sizeof (char *) >= buflen)
+    goto too_small;
+  bp = (char *) &host_data->h_addr_ptrs[ancount + 1];
+  linebuflen -= (ancount + 1) * sizeof (char *);
 
   n = __ns_name_unpack (answer->buf, end_of_message, cp,
 			packtmp, sizeof packtmp);
@@ -701,11 +703,6 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
 
 	  if (__builtin_expect (n > linebuflen, 0))
 	    goto too_small;
-	  if (hap >= &host_data->h_addr_ptrs[MAX_NR_ADDRS-1])
-	    {
-	      cp += n;
-	      continue;
-	    }
 	  bp = __mempcpy (*hap++ = bp, cp, n);
 	  cp += n;
 	  linebuflen -= n;