diff options
| author | itojun <itojun@FreeBSD.org> | 2000-09-25 23:04:36 +0000 |
|---|---|---|
| committer | itojun <itojun@FreeBSD.org> | 2000-09-25 23:04:36 +0000 |
| commit | 311be79390dfb9acb3868ba02383bbff8ff8ef2d (patch) | |
| tree | 2c95c6806b71b873011cd4d20f7a369f235ff2af /lib/libc | |
| parent | e04f70f17c26a18bc0eaec707b5a3f9d644773ac (diff) | |
| download | FreeBSD-src-311be79390dfb9acb3868ba02383bbff8ff8ef2d.zip FreeBSD-src-311be79390dfb9acb3868ba02383bbff8ff8ef2d.tar.gz | |
off-by-1 error in string length validation
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/net/getnameinfo.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/lib/libc/net/getnameinfo.c b/lib/libc/net/getnameinfo.c index 2dbd81f..5bf2192 100644 --- a/lib/libc/net/getnameinfo.c +++ b/lib/libc/net/getnameinfo.c @@ -1,5 +1,5 @@ /* $FreeBSD$ */ -/* $KAME: getnameinfo.c,v 1.43 2000/06/12 04:27:03 itojun Exp $ */ +/* $KAME: getnameinfo.c,v 1.45 2000/09/25 22:43:56 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -33,11 +33,9 @@ /* * Issues to be discussed: * - Thread safe-ness must be checked - * - Return values. There seems to be no standard for return value (RFC2553) - * but INRIA implementation returns EAI_xxx defined for getaddrinfo(). * - RFC2553 says that we should raise error on short buffer. X/Open says * we need to truncate the result. We obey RFC2553 (and X/Open should be - * modified). + * modified). ipngwg rough consensus seems to follow RFC2553. * - What is "local" in NI_FQDN? * - NI_NAMEREQD and NI_NUMERICHOST conflict with each other. * - (KAME extension) NI_WITHSCOPEID when called with global address, @@ -88,6 +86,7 @@ static int ip6_parsenumeric __P((const struct sockaddr *, const char *, char *, static int ip6_sa2str __P((const struct sockaddr_in6 *, char *, size_t, int)); #endif +/* 2553bis: use EAI_xx for getnameinfo */ #define ENI_NOSOCKET EAI_FAIL /*XXX*/ #define ENI_NOSERVNAME EAI_NONAME #define ENI_NOHOSTNAME EAI_NONAME @@ -154,12 +153,12 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) (flags & NI_DGRAM) ? "udp" : "tcp"); } if (sp) { - if (strlen(sp->s_name) > servlen) + if (strlen(sp->s_name) + 1 > servlen) return ENI_MEMORY; strcpy(serv, sp->s_name); } else { snprintf(numserv, sizeof(numserv), "%d", ntohs(port)); - if (strlen(numserv) > servlen) + if (strlen(numserv) + 1 > servlen) return ENI_MEMORY; strcpy(serv, numserv); } @@ -253,7 +252,7 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) *p = '\0'; } #endif - if (strlen(hp->h_name) > hostlen) { + if (strlen(hp->h_name) + 1 > hostlen) { freehostent(hp); return ENI_MEMORY; } |
