diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libc/net/res_mkquery.c | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/src/lib/libc/net/res_mkquery.c b/src/lib/libc/net/res_mkquery.c index e414b5060d..6e57ec3217 100644 --- a/src/lib/libc/net/res_mkquery.c +++ b/src/lib/libc/net/res_mkquery.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */ | 1 | /* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * ++Copyright++ 1985, 1993 | 4 | * ++Copyright++ 1985, 1993 |
| @@ -60,7 +60,7 @@ | |||
| 60 | static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; | 60 | static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; |
| 61 | static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $"; | 61 | static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $"; |
| 62 | #else | 62 | #else |
| 63 | static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $"; | 63 | static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $"; |
| 64 | #endif | 64 | #endif |
| 65 | #endif /* LIBC_SCCS and not lint */ | 65 | #endif /* LIBC_SCCS and not lint */ |
| 66 | 66 | ||
| @@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 91 | int buflen; /* size of buffer */ | 91 | int buflen; /* size of buffer */ |
| 92 | { | 92 | { |
| 93 | register HEADER *hp; | 93 | register HEADER *hp; |
| 94 | register u_char *cp; | 94 | register u_char *cp, *ep; |
| 95 | register int n; | 95 | register int n; |
| 96 | u_char *dnptrs[20], **dpp, **lastdnptr; | 96 | u_char *dnptrs[20], **dpp, **lastdnptr; |
| 97 | 97 | ||
| @@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 122 | hp->rd = (_res.options & RES_RECURSE) != 0; | 122 | hp->rd = (_res.options & RES_RECURSE) != 0; |
| 123 | hp->rcode = NOERROR; | 123 | hp->rcode = NOERROR; |
| 124 | cp = buf + HFIXEDSZ; | 124 | cp = buf + HFIXEDSZ; |
| 125 | buflen -= HFIXEDSZ; | 125 | ep = buf + buflen; |
| 126 | dpp = dnptrs; | 126 | dpp = dnptrs; |
| 127 | *dpp++ = buf; | 127 | *dpp++ = buf; |
| 128 | *dpp++ = NULL; | 128 | *dpp++ = NULL; |
| @@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 133 | switch (op) { | 133 | switch (op) { |
| 134 | case QUERY: /*FALLTHROUGH*/ | 134 | case QUERY: /*FALLTHROUGH*/ |
| 135 | case NS_NOTIFY_OP: | 135 | case NS_NOTIFY_OP: |
| 136 | if ((buflen -= QFIXEDSZ) < 0) | 136 | if (ep - cp < QFIXEDSZ) |
| 137 | return (-1); | 137 | return (-1); |
| 138 | if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0) | 138 | if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs, |
| 139 | lastdnptr)) < 0) | ||
| 139 | return (-1); | 140 | return (-1); |
| 140 | cp += n; | 141 | cp += n; |
| 141 | buflen -= n; | ||
| 142 | __putshort(type, cp); | 142 | __putshort(type, cp); |
| 143 | cp += INT16SZ; | 143 | cp += INT16SZ; |
| 144 | __putshort(class, cp); | 144 | __putshort(class, cp); |
| @@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 149 | /* | 149 | /* |
| 150 | * Make an additional record for completion domain. | 150 | * Make an additional record for completion domain. |
| 151 | */ | 151 | */ |
| 152 | buflen -= RRFIXEDSZ; | 152 | if (ep - cp < RRFIXEDSZ) |
| 153 | n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr); | 153 | return (-1); |
| 154 | n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs, | ||
| 155 | lastdnptr); | ||
| 154 | if (n < 0) | 156 | if (n < 0) |
| 155 | return (-1); | 157 | return (-1); |
| 156 | cp += n; | 158 | cp += n; |
| 157 | buflen -= n; | ||
| 158 | __putshort(T_NULL, cp); | 159 | __putshort(T_NULL, cp); |
| 159 | cp += INT16SZ; | 160 | cp += INT16SZ; |
| 160 | __putshort(class, cp); | 161 | __putshort(class, cp); |
| @@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 170 | /* | 171 | /* |
| 171 | * Initialize answer section | 172 | * Initialize answer section |
| 172 | */ | 173 | */ |
| 173 | if (buflen < 1 + RRFIXEDSZ + datalen) | 174 | if (ep - cp < 1 + RRFIXEDSZ + datalen) |
| 174 | return (-1); | 175 | return (-1); |
| 175 | *cp++ = '\0'; /* no domain name */ | 176 | *cp++ = '\0'; /* no domain name */ |
| 176 | __putshort(type, cp); | 177 | __putshort(type, cp); |
| @@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen) | |||
| 203 | int anslen; /* answer buffer length */ | 204 | int anslen; /* answer buffer length */ |
| 204 | { | 205 | { |
| 205 | register HEADER *hp; | 206 | register HEADER *hp; |
| 206 | register u_char *cp; | 207 | register u_char *cp, *ep; |
| 207 | 208 | ||
| 208 | hp = (HEADER *) buf; | 209 | hp = (HEADER *) buf; |
| 209 | cp = buf + n0; | 210 | cp = buf + n0; |
| 210 | buflen -= n0; | 211 | ep = buf + buflen; |
| 211 | 212 | ||
| 212 | if (buflen < 1 + RRFIXEDSZ) | 213 | if (ep - cp < 1 + RRFIXEDSZ) |
| 213 | return -1; | 214 | return -1; |
| 214 | 215 | ||
| 215 | *cp++ = 0; /* "." */ | 216 | *cp++ = 0; /* "." */ |
| 216 | buflen--; | ||
| 217 | 217 | ||
| 218 | __putshort(T_OPT, cp); /* TYPE */ | 218 | __putshort(T_OPT, cp); /* TYPE */ |
| 219 | cp += INT16SZ; | 219 | cp += INT16SZ; |
| @@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen) | |||
| 235 | __putshort(0, cp); /* RDLEN */ | 235 | __putshort(0, cp); /* RDLEN */ |
| 236 | cp += INT16SZ; | 236 | cp += INT16SZ; |
| 237 | hp->arcount = htons(ntohs(hp->arcount) + 1); | 237 | hp->arcount = htons(ntohs(hp->arcount) + 1); |
| 238 | buflen -= RRFIXEDSZ; | ||
| 239 | 238 | ||
| 240 | return cp - buf; | 239 | return cp - buf; |
| 241 | } | 240 | } |