aboutsummaryrefslogtreecommitdiff
path: root/resolv
diff options
context:
space:
mode:
Diffstat (limited to 'resolv')
-rw-r--r--resolv/nss_dns/dns-host.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index a75e9df..7b82486 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -387,10 +387,9 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
{
char *aliases[MAX_NR_ALIASES];
unsigned char host_addr[16]; /* IPv4 or IPv6 */
- char *h_addr_ptrs[MAX_NR_ADDRS + 1];
- char linebuffer[0];
+ char *h_addr_ptrs[0];
} *host_data = (struct host_data *) buffer;
- int linebuflen = buflen - offsetof (struct host_data, linebuffer);
+ int linebuflen = buflen - sizeof (struct host_data);
register const HEADER *hp;
const u_char *end_of_message, *cp;
int n, ancount, qdcount;
@@ -432,7 +431,6 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
* find first satisfactory answer
*/
hp = &answer->hdr;
- bp = host_data->linebuffer;
ancount = ntohs (hp->ancount);
qdcount = ntohs (hp->qdcount);
cp = answer->buf + HFIXEDSZ;
@@ -442,6 +440,10 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
*errnop = ENOENT;
return NSS_STATUS_UNAVAIL;
}
+ if (sizeof (struct host_data) + (ancount + 1) * sizeof (char *) >= buflen)
+ goto too_small;
+ bp = (char *) &host_data->h_addr_ptrs[ancount + 1];
+ linebuflen -= (ancount + 1) * sizeof (char *);
n = __ns_name_unpack (answer->buf, end_of_message, cp,
packtmp, sizeof packtmp);
@@ -701,11 +703,6 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
if (__builtin_expect (n > linebuflen, 0))
goto too_small;
- if (hap >= &host_data->h_addr_ptrs[MAX_NR_ADDRS-1])
- {
- cp += n;
- continue;
- }
bp = __mempcpy (*hap++ = bp, cp, n);
cp += n;
linebuflen -= n;