From 0ecb606cb6cf65de1d9fc8a919bceb4be476c602 Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Thu, 12 Jul 2007 18:26:36 +0000 Subject: 2.5-18.1 --- resolv/nss_dns/dns-canon.c | 16 ++++++++------- resolv/nss_dns/dns-host.c | 15 +++++++++----- resolv/nss_dns/dns-network.c | 47 +++++++++++++++++++++++++++++--------------- 3 files changed, 50 insertions(+), 28 deletions(-) (limited to 'resolv/nss_dns') diff --git a/resolv/nss_dns/dns-canon.c b/resolv/nss_dns/dns-canon.c index 91708df..fca6cd8 100644 --- a/resolv/nss_dns/dns-canon.c +++ b/resolv/nss_dns/dns-canon.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 2004. @@ -40,6 +40,10 @@ typedef union querybuf } querybuf; +static const short int qtypes[] = { ns_t_a, ns_t_aaaa }; +#define nqtypes (sizeof (qtypes) / sizeof (qtypes[0])) + + enum nss_status _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen, char **result,int *errnop, int *h_errnop) @@ -53,8 +57,6 @@ _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen, unsigned char *ptr; } ansp = { .ptr = buf }; enum nss_status status = NSS_STATUS_UNAVAIL; - int qtypes[] = { ns_t_a, ns_t_aaaa }; -#define nqtypes (sizeof (qtypes) / sizeof (qtypes[0])) for (int i = 0; i < nqtypes; ++i) { @@ -101,7 +103,8 @@ _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen, ptr += s; /* Check whether type and class match. */ - unsigned int type = ntohs (*(uint16_t *) ptr); + uint_fast16_t type; + NS_GET16 (type, ptr); if (type == qtypes[i]) { /* We found the record. */ @@ -130,15 +133,14 @@ _nss_dns_getcanonname_r (const char *name, char *buffer, size_t buflen, if (type != ns_t_cname) goto unavail; - ptr += sizeof (uint16_t); - if (*(uint16_t *) ptr != htons (ns_c_in)) + if (ns_get16 (ptr) != ns_c_in) goto unavail; /* Also skip over the TTL. */ ptr += sizeof (uint16_t) + sizeof (uint32_t); /* Skip over the data length and data. */ - ptr += sizeof (uint16_t) + ntohs (*(uint16_t *) ptr); + ptr += sizeof (uint16_t) + ns_get16 (ptr); } } } diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index 7045c59..cf060be 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996-2003, 2004 Free Software Foundation, Inc. +/* Copyright (C) 1996-2003, 2004, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Extended from original form by Ulrich Drepper , 1996. @@ -465,8 +465,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, char *aliases[MAX_NR_ALIASES]; unsigned char host_addr[16]; /* IPv4 or IPv6 */ char *h_addr_ptrs[0]; - } *host_data = (struct host_data *) buffer; - int linebuflen = buflen - sizeof (struct host_data); + } *host_data; + int linebuflen; register const HEADER *hp; const u_char *end_of_message, *cp; int n, ancount, qdcount; @@ -478,8 +478,9 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, u_char packtmp[NS_MAXCDNAME]; int have_to_map = 0; int32_t ttl = 0; - - if (__builtin_expect (linebuflen, 0) < 0) + uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); + buffer += pad; + if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0)) { /* The buffer is too small. */ too_small: @@ -487,6 +488,10 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; } + host_data = (struct host_data *) buffer; + linebuflen = buflen - sizeof (struct host_data); + if (buflen - sizeof (struct host_data) != linebuflen) + linebuflen = INT_MAX; tname = qname; result->h_name = NULL; diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c index 6ff60f3..4552b5b 100644 --- a/resolv/nss_dns/dns-network.c +++ b/resolv/nss_dns/dns-network.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004 +/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Extended from original form by Ulrich Drepper , 1996. @@ -102,7 +102,8 @@ extern int __ns_name_unpack (const u_char *, const u_char *, /* Prototypes for local functions. */ static enum nss_status getanswer_r (const querybuf *answer, int anslen, struct netent *result, char *buffer, - size_t buflen, lookup_method net_i); + size_t buflen, int *errnop, int *h_errnop, + lookup_method net_i); enum nss_status @@ -142,7 +143,8 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, ? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND; } - status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYNAME); + status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, + errnop, herrnop, BYNAME); if (net_buffer.buf != orig_net_buffer) free (net_buffer.buf); return status; @@ -218,7 +220,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result, ? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND; } - status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYADDR); + status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, + errnop, herrnop, BYADDR); if (net_buffer.buf != orig_net_buffer) free (net_buffer.buf); if (status == NSS_STATUS_SUCCESS) @@ -240,7 +243,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result, static enum nss_status getanswer_r (const querybuf *answer, int anslen, struct netent *result, - char *buffer, size_t buflen, lookup_method net_i) + char *buffer, size_t buflen, int *errnop, int *h_errnop, + lookup_method net_i) { /* * Find first satisfactory answer @@ -260,16 +264,33 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result, { char *aliases[MAX_NR_ALIASES]; char linebuffer[0]; - } *net_data = (struct net_data *) buffer; + } *net_data; + + uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct net_data); + buffer += pad; + + if (__builtin_expect (buflen < sizeof (*net_data) + pad, 0)) + { + /* The buffer is too small. */ + too_small: + *errnop = ERANGE; + *h_errnop = NETDB_INTERNAL; + return NSS_STATUS_TRYAGAIN; + } + buflen -= pad; + + net_data = (struct net_data *) buffer; int linebuflen = buflen - offsetof (struct net_data, linebuffer); - const char *end_of_message = &answer->buf[anslen]; + if (buflen - offsetof (struct net_data, linebuffer) != linebuflen) + linebuflen = INT_MAX; + const unsigned char *end_of_message = &answer->buf[anslen]; const HEADER *header_pointer = &answer->hdr; /* #/records in the answer section. */ int answer_count = ntohs (header_pointer->ancount); /* #/entries in the question section. */ int question_count = ntohs (header_pointer->qdcount); char *bp = net_data->linebuffer; - const char *cp = &answer->buf[HFIXEDSZ]; + const unsigned char *cp = &answer->buf[HFIXEDSZ]; char **alias_pointer; int have_answer; char *ans; @@ -319,10 +340,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result, if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1) { if (errno == EMSGSIZE) - { - errno = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + goto too_small; n = -1; } @@ -346,10 +364,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result, if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1) { if (errno == EMSGSIZE) - { - errno = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + goto too_small; n = -1; } -- cgit v1.1