diff options
Diffstat (limited to 'lib/libc/net/gethostbydns.c')
-rw-r--r-- | lib/libc/net/gethostbydns.c | 39 |
1 files changed, 15 insertions, 24 deletions
diff --git a/lib/libc/net/gethostbydns.c b/lib/libc/net/gethostbydns.c index e40c141..518585a 100644 --- a/lib/libc/net/gethostbydns.c +++ b/lib/libc/net/gethostbydns.c @@ -167,8 +167,8 @@ gethostanswer(answer, anslen, qname, qtype) const u_char *cp; int n; const u_char *eom, *erdata; - char *bp, **ap, **hap; - int type, class, buflen, ancount, qdcount; + char *bp, *ep, **ap, **hap; + int type, class, ancount, qdcount; int haveanswer, had_error; int toobig = 0; char tbuf[MAXDNAME]; @@ -197,14 +197,14 @@ gethostanswer(answer, anslen, qname, qtype) ancount = ntohs(hp->ancount); qdcount = ntohs(hp->qdcount); bp = hostbuf; - buflen = sizeof hostbuf; + ep = hostbuf + sizeof hostbuf; cp = answer->buf; BOUNDED_INCR(HFIXEDSZ); if (qdcount != 1) { h_errno = NO_RECOVERY; return (NULL); } - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !(*name_ok)(bp)) { h_errno = NO_RECOVERY; return (NULL); @@ -222,7 +222,6 @@ gethostanswer(answer, anslen, qname, qtype) } host.h_name = bp; bp += n; - buflen -= n; /* The qname can be abbreviated, but h_name is now absolute. */ qname = host.h_name; } @@ -236,7 +235,7 @@ gethostanswer(answer, anslen, qname, qtype) had_error = 0; _dns_ttl_ = -1; while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !(*name_ok)(bp)) { had_error++; continue; @@ -280,17 +279,15 @@ gethostanswer(answer, anslen, qname, qtype) continue; } bp += n; - buflen -= n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) { + if (n > ep - bp || n >= MAXHOSTNAMELEN) { had_error++; continue; } strcpy(bp, tbuf); host.h_name = bp; bp += n; - buflen -= n; continue; } if (qtype == T_PTR && type == T_CNAME) { @@ -306,14 +303,13 @@ gethostanswer(answer, anslen, qname, qtype) } /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) { + if (n > ep - bp || n >= MAXHOSTNAMELEN) { had_error++; continue; } strcpy(bp, tbuf); tname = bp; bp += n; - buflen -= n; continue; } if (type != qtype) { @@ -333,7 +329,7 @@ gethostanswer(answer, anslen, qname, qtype) cp += n; continue; /* XXX - had_error++ ? */ } - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !res_hnok(bp)) { had_error++; break; @@ -357,7 +353,6 @@ gethostanswer(answer, anslen, qname, qtype) break; } bp += n; - buflen -= n; } break; #else @@ -369,8 +364,7 @@ gethostanswer(answer, anslen, qname, qtype) break; } bp += n; - buflen -= n; - _map_v4v6_hostent(&host, &bp, &buflen); + _map_v4v6_hostent(&host, &bp, &ep); } h_errno = NETDB_SUCCESS; return (&host); @@ -393,13 +387,12 @@ gethostanswer(answer, anslen, qname, qtype) host.h_name = bp; nn = strlen(bp) + 1; /* for the \0 */ bp += nn; - buflen -= nn; } buflen -= sizeof(align) - ((u_long)bp % sizeof(align)); bp += sizeof(align) - ((u_long)bp % sizeof(align)); - if (bp + n >= &hostbuf[sizeof hostbuf]) { + if (bp + n >= ep) { dprintf("size (%d) too big\n", n); had_error++; continue; @@ -413,7 +406,6 @@ gethostanswer(answer, anslen, qname, qtype) } bcopy(cp, *hap++ = bp, n); bp += n; - buflen -= n; cp += n; if (cp != erdata) { h_errno = NO_RECOVERY; @@ -443,15 +435,14 @@ gethostanswer(answer, anslen, qname, qtype) # endif /*RESOLVSORT*/ if (!host.h_name) { n = strlen(qname) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) + if (n > ep - bp || n >= MAXHOSTNAMELEN) goto no_recovery; strcpy(bp, qname); host.h_name = bp; bp += n; - buflen -= n; } if (_res.options & RES_USE_INET6) - _map_v4v6_hostent(&host, &bp, &buflen); + _map_v4v6_hostent(&host, &bp, &ep); h_errno = NETDB_SUCCESS; return (&host); } @@ -489,7 +480,7 @@ _dns_gethostbyname(void *rval, void *cb_data, va_list ap) int af; querybuf buf; const char *cp; - char *bp; + char *bp, *ep; int n, size, type, len; name = va_arg(ap, const char *); @@ -548,7 +539,7 @@ _dns_gethostbyname(void *rval, void *cb_data, va_list ap) strncpy(hostbuf, name, MAXDNAME); hostbuf[MAXDNAME] = '\0'; bp = hostbuf + MAXDNAME; - len = sizeof hostbuf - MAXDNAME; + ep = hostbuf + sizeof hostbuf; host.h_name = hostbuf; host.h_aliases = host_aliases; host_aliases[0] = NULL; @@ -556,7 +547,7 @@ _dns_gethostbyname(void *rval, void *cb_data, va_list ap) h_addr_ptrs[1] = NULL; host.h_addr_list = h_addr_ptrs; if (_res.options & RES_USE_INET6) - _map_v4v6_hostent(&host, &bp, &len); + _map_v4v6_hostent(&host, &bp, &ep); h_errno = NETDB_SUCCESS; *(struct hostent **)rval = &host; return NS_SUCCESS; |