authoritojun <>2002-06-26 06:01:16 +0000
committeritojun <>2002-06-26 06:01:16 +0000
commitf1f381f26db98078dfc10572dbe1aa273fc16d94 (patch)
tree269c86f8c2ae89cb848e0115f62fafa05558b084 /src
parent2de6ddb6a22feedbcbc44271ca3841ddc526981b (diff)
correct bad practice in the code - it uses two changing variables
to manage buffer (buf and buflen). we eliminate buflen and use fixed point (ep) as the ending pointer. this fix is NOT critical.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libc/net/getaddrinfo.c17
-rw-r--r--src/lib/libc/net/res_mkquery.c31
2 files changed, 22 insertions, 26 deletions
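diff --git a/src/lib/libc/net/getaddrinfo.c b/src/lib/libc/net/getaddrinfo.c
index d16900b4a0..3f4d916486 100644
--- a/src/lib/libc/net/getaddrinfo.c
+++ b/src/lib/libc/net/getaddrinfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getaddrinfo.c,v 1.33 2002/02/17 19:42:23 millert Exp $ */
+/* $OpenBSD: getaddrinfo.c,v 1.34 2002/06/26 06:01:16 itojun Exp $ */
 /* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */
 
 /*
@@ -1031,8 +1031,8 @@ getanswer(answer, anslen, qname, qtype, pai)
  const u_char *cp;
  int n;
  const u_char *eom;
- char *bp;
- int type, class, buflen, ancount, qdcount;
+ char *bp, *ep;
+ int type, class, ancount, qdcount;
  int haveanswer, had_error;
  char tbuf[MAXDNAME];
  int (*name_ok)(const char *);
@@ -1059,13 +1059,13 @@ getanswer(answer, anslen, qname, qtype, pai)
  ancount = ntohs(hp->ancount);
  qdcount = ntohs(hp->qdcount);
  bp = hostbuf;
- buflen = sizeof hostbuf;
+ ep = hostbuf + sizeof hostbuf;
  cp = answer->buf + HFIXEDSZ;
  if (qdcount != 1) {
  h_errno = NO_RECOVERY;
  return (NULL);
  }
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
  if ((n < 0) || !(*name_ok)(bp)) {
  h_errno = NO_RECOVERY;
  return (NULL);
@@ -1083,14 +1083,13 @@ getanswer(answer, anslen, qname, qtype, pai)
  }
  canonname = bp;
  bp += n;
- buflen -= n;
  /* The qname can be abbreviated, but h_name is now absolute. */
  qname = canonname;
  }
  haveanswer = 0;
  had_error = 0;
  while (ancount-- > 0 && cp < eom && !had_error) {
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
  if ((n < 0) || !(*name_ok)(bp)) {
  had_error++;
  continue;
@@ -1117,14 +1116,13 @@ getanswer(answer, anslen, qname, qtype, pai)
  cp += n;
  /* Get canonical name. */
  n = strlen(tbuf) + 1; /* for the \0 */
- if (n > buflen || n >= MAXHOSTNAMELEN) {
+ if (n > ep - bp || n >= MAXHOSTNAMELEN) {
  had_error++;
  continue;
  }
  strcpy(bp, tbuf);
  canonname = bp;
  bp += n;
- buflen -= n;
  continue;
  }
  if (qtype == T_ANY) {
@@ -1164,7 +1162,6 @@ getanswer(answer, anslen, qname, qtype, pai)
  canonname = bp;
  nn = strlen(bp) + 1; /* for the \0 */
  bp += nn;
- buflen -= nn;
  }
 
  /* don't overwrite pai */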
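Review bot: In the `@@ -1117,14 +1116,13 @@` hunk the copy `strcpy(bp, tbuf);` is bounded only by the separate `n > ep - bp` test three lines above it, so a later edit to either statement can break the pairing without any compiler warning. Passing the remaining space to the copy itself, `strlcpy(bp, tbuf, ep - bp);`, keeps the limit attached to the write. The new scheme also depends on `bp <= ep` holding at every `ep - bp`, which nothing in the hunks states; a comment where `ep` is set, such as `/* ep is fixed; bp must never pass it, ep - bp is the space left */`, would record that. getanswer() begins and ends outside these hunks, so any other writes through `bp` are not visible here.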
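diff --git a/src/lib/libc/net/res_mkquery.c b/src/lib/libc/net/res_mkquery.c
index e414b5060d..6e57ec3217 100644
--- a/src/lib/libc/net/res_mkquery.c
+++ b/src/lib/libc/net/res_mkquery.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */
+/* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */
 
 /*
  * ++Copyright++ 1985, 1993
@@ -60,7 +60,7 @@
 static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93";
 static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $";
+static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
  int buflen; /* size of buffer */
 {
  register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
  register int n;
  u_char *dnptrs[20], **dpp, **lastdnptr;
 
@@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
  hp->rd = (_res.options & RES_RECURSE) != 0;
  hp->rcode = NOERROR;
  cp = buf + HFIXEDSZ;
- buflen -= HFIXEDSZ;
+ ep = buf + buflen;
  dpp = dnptrs;
  *dpp++ = buf;
  *dpp++ = NULL;
@@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
  switch (op) {
  case QUERY: /*FALLTHROUGH*/
  case NS_NOTIFY_OP:
- if ((buflen -= QFIXEDSZ) < 0)
+ if (ep - cp < QFIXEDSZ)
  return (-1);
- if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
+ if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs,
+ lastdnptr)) < 0)
  return (-1);
  cp += n;
- buflen -= n;
  __putshort(type, cp);
  cp += INT16SZ;
  __putshort(class, cp);
@@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
  /*
  * Make an additional record for completion domain.
  */
- buflen -= RRFIXEDSZ;
- n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr);
+ if (ep - cp < RRFIXEDSZ)
+ return (-1);
+ n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs,
+ lastdnptr);
  if (n < 0)
  return (-1);
  cp += n;
- buflen -= n;
  __putshort(T_NULL, cp);
  cp += INT16SZ;
  __putshort(class, cp);
@@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
  /*
  * Initialize answer section
  */
- if (buflen < 1 + RRFIXEDSZ + datalen)
+ if (ep - cp < 1 + RRFIXEDSZ + datalen)
  return (-1);
  *cp++ = '\0'; /* no domain name */
  __putshort(type, cp);
@@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen)
  int anslen; /* answer buffer length */
 {
  register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
 
  hp = (HEADER *) buf;
  cp = buf + n0;
- buflen -= n0;
+ ep = buf + buflen;
 
- if (buflen < 1 + RRFIXEDSZ)
+ if (ep - cp < 1 + RRFIXEDSZ)
  return -1;
 
  *cp++ = 0; /* "." */
- buflen--;
 
  __putshort(T_OPT, cp); /* TYPE */
  cp += INT16SZ;
@@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen)
  __putshort(0, cp); /* RDLEN */
  cp += INT16SZ;
  hp->arcount = htons(ntohs(hp->arcount) + 1);
- buflen -= RRFIXEDSZ;
 
  return cp - buf;
 }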
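Review bot: In the `@@ -170,7 +171,7 @@` hunk the guard `if (ep - cp < 1 + RRFIXEDSZ + datalen)` still trusts the caller's `datalen`, whose declaration is outside the hunk but is presumably a signed int like `buflen`. A negative value shrinks the right-hand side so the test passes, and a value near INT_MAX overflows the sum before the comparison is made. If the code after the hunk copies `datalen` bytes to `cp` (not visible here), the guard should reject both cases without doing arithmetic on `datalen`: `if (datalen < 0 || datalen > ep - cp - 1 - RRFIXEDSZ)`. Similarly, in res_opt() `cp = buf + n0` is formed before anything visible checks that `n0` lies within `0..buflen`; a leading `if (n0 < 0 || n0 > buflen) return -1;` would avoid computing an out-of-range pointer.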