From 1c3490d4b29fc5b3f30dd6b13082046aee94443d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 4 May 2016 14:35:23 +0200
Subject: getnameinfo: Avoid calling strnlen on uninitialized buffer

In the numeric AF_INET/AF_INET6 case, if inet_ntop fails
as the result of a short host buffer, we used to call strnlen
on the uninitialized host buffer.
---
 ChangeLog          |  5 +++++
 inet/getnameinfo.c | 13 ++++++-------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9d2ab7c8e0..833cc64b5c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2016-05-04  Florian Weimer  <fweimer@redhat.com>
+
+	* inet/getnameinfo.c (gni_host_inet_numeric): Return EAI_OVERFLOW
+	in case of inet_ntop failure.
+
 2016-05-04  Florian Weimer  <fweimer@redhat.com>
 
 	* inet/getnameinfo.c (gni_host_inet_name): Use temporaries to
diff --git a/inet/getnameinfo.c b/inet/getnameinfo.c
index c649c49395..c8de1630f3 100644
--- a/inet/getnameinfo.c
+++ b/inet/getnameinfo.c
@@ -303,12 +303,12 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
 		       const struct sockaddr *sa, socklen_t addrlen,
 		       char *host, socklen_t hostlen, int flags)
 {
-  const char *c;
   if (sa->sa_family == AF_INET6)
     {
       const struct sockaddr_in6 *sin6p = (const struct sockaddr_in6 *) sa;
-      c = inet_ntop (AF_INET6,
-		     (const void *) &sin6p->sin6_addr, host, hostlen);
+      if (inet_ntop (AF_INET6, &sin6p->sin6_addr, host, hostlen) == NULL)
+	return EAI_OVERFLOW;
+
       uint32_t scopeid = sin6p->sin6_scope_id;
       if (scopeid != 0)
 	{
@@ -344,7 +344,7 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
 	  if (real_hostlen + scopelen + 1 > hostlen)
 	    /* Signal the buffer is too small.  This is
 	       what inet_ntop does.  */
-	    c = NULL;
+	    return EAI_OVERFLOW;
 	  else
 	    memcpy (host + real_hostlen, scopebuf, scopelen + 1);
 	}
@@ -352,10 +352,9 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
   else
     {
       const struct sockaddr_in *sinp = (const struct sockaddr_in *) sa;
-      c = inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen);
+      if (inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen) == NULL)
+	return EAI_OVERFLOW;
     }
-  if (c == NULL)
-    return EAI_OVERFLOW;
   return 0;
 }
 
-- 
cgit 1.4.1