author | imp <imp@FreeBSD.org> | 2002-06-26 08:18:05 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 2002-06-26 08:18:05 +0000 |
commit | 8df35cae5920770f3ca2040b56aa6e1cdc468740 (patch) | |
tree | b14e0dd837f4e2c6781a3fc42b342907035ab95b /lib/libc/net/getnetbydns.c | |
parent | 167db86ab54e9dbae6e6c3fd7f8f14b80f188420 (diff) | |
Include more robust checking of end of buffer that more completely
plugs the hole.
Diffstat (limited to 'lib/libc/net/getnetbydns.c')
-rw-r--r-- | lib/libc/net/getnetbydns.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/libc/net/getnetbydns.c b/lib/libc/net/getnetbydns.c
index 730d796..324c7cd 100644
--- a/lib/libc/net/getnetbydns.c
+++ b/lib/libc/net/getnetbydns.c
@@ -115,9 +115,9 @@ getnetanswer(answer, anslen, net_i)
 u_char *cp;
 int n;
 u_char *eom;
- int type, class, buflen, ancount, qdcount, haveanswer, i, nchar;
+ int type, class, ancount, qdcount, haveanswer, i, nchar;
 char aux1[MAXHOSTNAMELEN], aux2[MAXHOSTNAMELEN], ans[MAXHOSTNAMELEN];
- char *in, *st, *pauxt, *bp, **ap;
+ char *in, *st, *pauxt, *bp, *ep, **ap;
 char *paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0;
 static struct netent net_entry;
 static char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
@@ -141,7 +141,6 @@ static char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
 ancount = ntohs(hp->ancount); /* #/records in the answer section */
 qdcount = ntohs(hp->qdcount); /* #/entries in the question section */
 bp = netbuf;
- buflen = sizeof(netbuf);
 cp = answer->buf + HFIXEDSZ;
 if (!qdcount) {
 if (hp->aa)
@@ -157,7 +156,7 @@ static char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
 net_entry.n_aliases = net_aliases;
 haveanswer = 0;
 while (--ancount >= 0 && cp < eom) {
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 if ((n < 0) || !res_dnok(bp))
 break;
 cp += n;
@@ -169,7 +168,7 @@ static char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
 cp += INT32SZ; /* TTL */
 GETSHORT(n, cp);
 if (class == C_IN && type == T_PTR) {
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 if ((n < 0) || !res_hnok(bp)) {
 cp += n;
 return (NULL);
 |
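Review bot: `ep` is declared in the first hunk and used as `ep - bp` in both `dn_expand()` calls (hunks at -157 and -169), but no visible hunk assigns it: the hunk at -141 deletes `buflen = sizeof(netbuf);` without a replacement, and the diffstat's 4 insertions are all accounted for by the two rewritten declaration lines and the two calls. As shown, the size handed to `dn_expand()` is computed from an indeterminate pointer, which is undefined behaviour and leaves the output bound on `netbuf` unenforced. After `bp = netbuf;` add `ep = netbuf + sizeof(netbuf);`, ideally with a comment such as `/* ep: one past the end of netbuf; ep - bp is the space left */`. The body of getnetanswer starts and continues outside these hunks, so confirm that no assignment to `ep` exists elsewhere in the function.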