diff options
| author | millert <> | 2017-03-06 18:14:41 +0000 |
|---|---|---|
| committer | millert <> | 2017-03-06 18:14:41 +0000 |
| commit | fd95a9dab8a07c61c805cb7f2f736b95364c2d06 (patch) | |
| tree | 447db07f13c2dfc79705fec00cab6a523d977219 /src/lib | |
| parent | e1ae7d0226ccc30997aa424b88a07c2a47ff7b1c (diff) | |
| download | openbsd-fd95a9dab8a07c61c805cb7f2f736b95364c2d06.tar.gz openbsd-fd95a9dab8a07c61c805cb7f2f736b95364c2d06.tar.bz2 openbsd-fd95a9dab8a07c61c805cb7f2f736b95364c2d06.zip | |
Pull in a change from the bind 8 resolver that fixes a potential
crash when given a large hex number as part of the dotted quad.
OK deraadt@ jsg@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libc/net/inet_net_pton.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/lib/libc/net/inet_net_pton.c b/src/lib/libc/net/inet_net_pton.c index 1683a79043..61ea34c906 100644 --- a/src/lib/libc/net/inet_net_pton.c +++ b/src/lib/libc/net/inet_net_pton.c | |||
| @@ -1,8 +1,8 @@ | |||
| 1 | /* $OpenBSD: inet_net_pton.c,v 1.8 2013/11/25 18:23:51 deraadt Exp $ */ | 1 | /* $OpenBSD: inet_net_pton.c,v 1.9 2017/03/06 18:14:41 millert Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org> | 4 | * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org> |
| 5 | * Copyright (c) 1996 by Internet Software Consortium. | 5 | * Copyright (c) 1996,1999 by Internet Software Consortium. |
| 6 | * | 6 | * |
| 7 | * Permission to use, copy, modify, and distribute this software for any | 7 | * Permission to use, copy, modify, and distribute this software for any |
| 8 | * purpose with or without fee is hereby granted, provided that the above | 8 | * purpose with or without fee is hereby granted, provided that the above |
| @@ -91,7 +91,7 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) | |||
| 91 | /* Hexadecimal: Eat nybble string. */ | 91 | /* Hexadecimal: Eat nybble string. */ |
| 92 | if (size <= 0) | 92 | if (size <= 0) |
| 93 | goto emsgsize; | 93 | goto emsgsize; |
| 94 | *dst = 0, dirty = 0; | 94 | tmp = 0, dirty = 0; |
| 95 | src++; /* skip x or X. */ | 95 | src++; /* skip x or X. */ |
| 96 | while ((ch = (unsigned char)*src++) != '\0' && | 96 | while ((ch = (unsigned char)*src++) != '\0' && |
| 97 | isascii(ch) && isxdigit(ch)) { | 97 | isascii(ch) && isxdigit(ch)) { |
| @@ -99,16 +99,22 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) | |||
| 99 | ch = tolower(ch); | 99 | ch = tolower(ch); |
| 100 | n = strchr(xdigits, ch) - xdigits; | 100 | n = strchr(xdigits, ch) - xdigits; |
| 101 | assert(n >= 0 && n <= 15); | 101 | assert(n >= 0 && n <= 15); |
| 102 | *dst |= n; | 102 | if (dirty == 0) |
| 103 | if (!dirty++) | 103 | tmp = n; |
| 104 | *dst <<= 4; | ||
| 105 | else if (size-- > 0) | ||
| 106 | *++dst = 0, dirty = 0; | ||
| 107 | else | 104 | else |
| 105 | tmp = (tmp << 4) | n; | ||
| 106 | if (++dirty == 2) { | ||
| 107 | if (size-- == 0) | ||
| 108 | goto emsgsize; | ||
| 109 | *dst++ = (u_char) tmp; | ||
| 110 | dirty = 0; | ||
| 111 | } | ||
| 112 | } | ||
| 113 | if (dirty) { /* Odd trailing nybble? */ | ||
| 114 | if (size-- == 0) | ||
| 108 | goto emsgsize; | 115 | goto emsgsize; |
| 116 | *dst++ = (u_char) (tmp << 4); | ||
| 109 | } | 117 | } |
| 110 | if (dirty) | ||
| 111 | size--; | ||
| 112 | } else if (isascii(ch) && isdigit(ch)) { | 118 | } else if (isascii(ch) && isdigit(ch)) { |
| 113 | /* Decimal: eat dotted digit string. */ | 119 | /* Decimal: eat dotted digit string. */ |
| 114 | for (;;) { | 120 | for (;;) { |