diff options
| author | vincent <> | 2003-06-27 22:23:05 +0000 |
|---|---|---|
| committer | vincent <> | 2003-06-27 22:23:05 +0000 |
| commit | 105123162e733d638357b0ba273c2e29f8409a41 (patch) | |
| tree | 2755f7e7ec8aeb554d278ccc7f85c30e1382060e /src | |
| parent | 7a60d5822d273bde9ea02a07883d5a454a3da4d2 (diff) | |
| download | openbsd-105123162e733d638357b0ba273c2e29f8409a41.tar.gz openbsd-105123162e733d638357b0ba273c2e29f8409a41.tar.bz2 openbsd-105123162e733d638357b0ba273c2e29f8409a41.zip | |
ensure we stay within the boundaries of our packet
ok itojun
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libc/net/gethostnamadr.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/src/lib/libc/net/gethostnamadr.c b/src/lib/libc/net/gethostnamadr.c index 5524439468..0be63bec83 100644 --- a/src/lib/libc/net/gethostnamadr.c +++ b/src/lib/libc/net/gethostnamadr.c | |||
| @@ -48,7 +48,7 @@ | |||
| 48 | */ | 48 | */ |
| 49 | 49 | ||
| 50 | #if defined(LIBC_SCCS) && !defined(lint) | 50 | #if defined(LIBC_SCCS) && !defined(lint) |
| 51 | static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.56 2003/06/02 20:18:35 millert Exp $"; | 51 | static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.57 2003/06/27 22:23:05 vincent Exp $"; |
| 52 | #endif /* LIBC_SCCS and not lint */ | 52 | #endif /* LIBC_SCCS and not lint */ |
| 53 | 53 | ||
| 54 | #include <sys/param.h> | 54 | #include <sys/param.h> |
| @@ -157,15 +157,12 @@ getanswer(answer, anslen, qname, qtype) | |||
| 157 | int qtype; | 157 | int qtype; |
| 158 | { | 158 | { |
| 159 | struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res); | 159 | struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res); |
| 160 | register const HEADER *hp; | 160 | const HEADER *hp; |
| 161 | register const u_char *cp; | 161 | const u_char *cp, *eom; |
| 162 | register int n; | ||
| 163 | const u_char *eom; | ||
| 164 | char *bp, **ap, **hap, *ep; | ||
| 165 | int type, class, ancount, qdcount; | ||
| 166 | int haveanswer, had_error; | ||
| 167 | int toobig = 0; | ||
| 168 | char tbuf[MAXDNAME]; | 162 | char tbuf[MAXDNAME]; |
| 163 | char *bp, **ap, **hap, *ep; | ||
| 164 | int type, class, ancount, qdcount, n; | ||
| 165 | int haveanswer, had_error, toobig = 0; | ||
| 169 | const char *tname; | 166 | const char *tname; |
| 170 | int (*name_ok)(const char *); | 167 | int (*name_ok)(const char *); |
| 171 | 168 | ||
| @@ -234,12 +231,20 @@ getanswer(answer, anslen, qname, qtype) | |||
| 234 | continue; | 231 | continue; |
| 235 | } | 232 | } |
| 236 | cp += n; /* name */ | 233 | cp += n; /* name */ |
| 234 | if (cp > eom) | ||
| 235 | break; | ||
| 237 | type = _getshort(cp); | 236 | type = _getshort(cp); |
| 238 | cp += INT16SZ; /* type */ | 237 | cp += INT16SZ; /* type */ |
| 238 | if (cp > eom) | ||
| 239 | break; | ||
| 239 | class = _getshort(cp); | 240 | class = _getshort(cp); |
| 240 | cp += INT16SZ + INT32SZ; /* class, TTL */ | 241 | cp += INT16SZ + INT32SZ; /* class, TTL */ |
| 242 | if (cp > eom) | ||
| 243 | break; | ||
| 241 | n = _getshort(cp); | 244 | n = _getshort(cp); |
| 242 | cp += INT16SZ; /* len */ | 245 | cp += INT16SZ; /* len */ |
| 246 | if (cp > eom) | ||
| 247 | break; | ||
| 243 | if (type == T_SIG) { | 248 | if (type == T_SIG) { |
| 244 | /* XXX - ignore signatures as we don't use them yet */ | 249 | /* XXX - ignore signatures as we don't use them yet */ |
| 245 | cp += n; | 250 | cp += n; |