Check the size of the IP address reutrned from gethostbyname2, per PR

2578 from Julian A. Likely not strictly needed, but it doesn't hurt and protects ping against possible buffer overflows if the resolver were to return large IP addresses.
author: imp <imp@FreeBSD.org> 1997-03-03 09:50:21 +0000
committer: imp <imp@FreeBSD.org> 1997-03-03 09:50:21 +0000
commit: e5f21340d7f9c05c71cde10a3321860bfc6a2a5d (patch)
tree: 1ae86f797605261ef44d108ce9108c5de2dcdfd0 /sbin
parent: 1e7a910ca151c2606d05de7a8b9fa8d216282613 (diff)
download: FreeBSD-src-e5f21340d7f9c05c71cde10a3321860bfc6a2a5d.zip
FreeBSD-src-e5f21340d7f9c05c71cde10a3321860bfc6a2a5d.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index 491cf2e..0c5ebbd 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -45,7 +45,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)ping.c	8.1 (Berkeley) 6/5/93";
 */
 static const char rcsid[] =
-	"$Id: ping.c,v 1.18 1997/03/02 06:32:40 imp Exp $";
+	"$Id: ping.c,v 1.19 1997/03/02 20:01:13 imp Exp $";
 #endif /* not lint */
 
 /*
@@ -324,6 +324,8 @@ main(argc, argv)
 			     target, hstrerror(h_errno));
 
 		to->sin_len = sizeof *to;
+		if (hp->h_length > sizeof(to->sin_addr))
+			errx(1,"gethostbyname2 returned an illegal address");
 		memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr);
 		(void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1);
 		hnamebuf[(sizeof hnamebuf) - 1] = '\0';
author	imp <imp@FreeBSD.org>	1997-03-03 09:50:21 +0000
committer	imp <imp@FreeBSD.org>	1997-03-03 09:50:21 +0000
commit	e5f21340d7f9c05c71cde10a3321860bfc6a2a5d (patch)
tree	1ae86f797605261ef44d108ce9108c5de2dcdfd0 /sbin
parent	1e7a910ca151c2606d05de7a8b9fa8d216282613 (diff)
download	FreeBSD-src-e5f21340d7f9c05c71cde10a3321860bfc6a2a5d.zip FreeBSD-src-e5f21340d7f9c05c71cde10a3321860bfc6a2a5d.tar.gz