diff options
Diffstat (limited to 'src/lib/libc')
| -rw-r--r-- | src/lib/libc/net/getaddrinfo.c | 17 | ||||
| -rw-r--r-- | src/lib/libc/net/res_mkquery.c | 31 |
2 files changed, 22 insertions, 26 deletions
diff --git a/src/lib/libc/net/getaddrinfo.c b/src/lib/libc/net/getaddrinfo.c index d16900b4a0..3f4d916486 100644 --- a/src/lib/libc/net/getaddrinfo.c +++ b/src/lib/libc/net/getaddrinfo.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: getaddrinfo.c,v 1.33 2002/02/17 19:42:23 millert Exp $ */ | 1 | /* $OpenBSD: getaddrinfo.c,v 1.34 2002/06/26 06:01:16 itojun Exp $ */ |
| 2 | /* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */ | 2 | /* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */ |
| 3 | 3 | ||
| 4 | /* | 4 | /* |
| @@ -1031,8 +1031,8 @@ getanswer(answer, anslen, qname, qtype, pai) | |||
| 1031 | const u_char *cp; | 1031 | const u_char *cp; |
| 1032 | int n; | 1032 | int n; |
| 1033 | const u_char *eom; | 1033 | const u_char *eom; |
| 1034 | char *bp; | 1034 | char *bp, *ep; |
| 1035 | int type, class, buflen, ancount, qdcount; | 1035 | int type, class, ancount, qdcount; |
| 1036 | int haveanswer, had_error; | 1036 | int haveanswer, had_error; |
| 1037 | char tbuf[MAXDNAME]; | 1037 | char tbuf[MAXDNAME]; |
| 1038 | int (*name_ok)(const char *); | 1038 | int (*name_ok)(const char *); |
| @@ -1059,13 +1059,13 @@ getanswer(answer, anslen, qname, qtype, pai) | |||
| 1059 | ancount = ntohs(hp->ancount); | 1059 | ancount = ntohs(hp->ancount); |
| 1060 | qdcount = ntohs(hp->qdcount); | 1060 | qdcount = ntohs(hp->qdcount); |
| 1061 | bp = hostbuf; | 1061 | bp = hostbuf; |
| 1062 | buflen = sizeof hostbuf; | 1062 | ep = hostbuf + sizeof hostbuf; |
| 1063 | cp = answer->buf + HFIXEDSZ; | 1063 | cp = answer->buf + HFIXEDSZ; |
| 1064 | if (qdcount != 1) { | 1064 | if (qdcount != 1) { |
| 1065 | h_errno = NO_RECOVERY; | 1065 | h_errno = NO_RECOVERY; |
| 1066 | return (NULL); | 1066 | return (NULL); |
| 1067 | } | 1067 | } |
| 1068 | n = dn_expand(answer->buf, eom, cp, bp, buflen); | 1068 | n = dn_expand(answer->buf, eom, cp, bp, ep - bp); |
| 1069 | if ((n < 0) || !(*name_ok)(bp)) { | 1069 | if ((n < 0) || !(*name_ok)(bp)) { |
| 1070 | h_errno = NO_RECOVERY; | 1070 | h_errno = NO_RECOVERY; |
| 1071 | return (NULL); | 1071 | return (NULL); |
| @@ -1083,14 +1083,13 @@ getanswer(answer, anslen, qname, qtype, pai) | |||
| 1083 | } | 1083 | } |
| 1084 | canonname = bp; | 1084 | canonname = bp; |
| 1085 | bp += n; | 1085 | bp += n; |
| 1086 | buflen -= n; | ||
| 1087 | /* The qname can be abbreviated, but h_name is now absolute. */ | 1086 | /* The qname can be abbreviated, but h_name is now absolute. */ |
| 1088 | qname = canonname; | 1087 | qname = canonname; |
| 1089 | } | 1088 | } |
| 1090 | haveanswer = 0; | 1089 | haveanswer = 0; |
| 1091 | had_error = 0; | 1090 | had_error = 0; |
| 1092 | while (ancount-- > 0 && cp < eom && !had_error) { | 1091 | while (ancount-- > 0 && cp < eom && !had_error) { |
| 1093 | n = dn_expand(answer->buf, eom, cp, bp, buflen); | 1092 | n = dn_expand(answer->buf, eom, cp, bp, ep - bp); |
| 1094 | if ((n < 0) || !(*name_ok)(bp)) { | 1093 | if ((n < 0) || !(*name_ok)(bp)) { |
| 1095 | had_error++; | 1094 | had_error++; |
| 1096 | continue; | 1095 | continue; |
| @@ -1117,14 +1116,13 @@ getanswer(answer, anslen, qname, qtype, pai) | |||
| 1117 | cp += n; | 1116 | cp += n; |
| 1118 | /* Get canonical name. */ | 1117 | /* Get canonical name. */ |
| 1119 | n = strlen(tbuf) + 1; /* for the \0 */ | 1118 | n = strlen(tbuf) + 1; /* for the \0 */ |
| 1120 | if (n > buflen || n >= MAXHOSTNAMELEN) { | 1119 | if (n > ep - bp || n >= MAXHOSTNAMELEN) { |
| 1121 | had_error++; | 1120 | had_error++; |
| 1122 | continue; | 1121 | continue; |
| 1123 | } | 1122 | } |
| 1124 | strcpy(bp, tbuf); | 1123 | strcpy(bp, tbuf); |
| 1125 | canonname = bp; | 1124 | canonname = bp; |
| 1126 | bp += n; | 1125 | bp += n; |
| 1127 | buflen -= n; | ||
| 1128 | continue; | 1126 | continue; |
| 1129 | } | 1127 | } |
| 1130 | if (qtype == T_ANY) { | 1128 | if (qtype == T_ANY) { |
| @@ -1164,7 +1162,6 @@ getanswer(answer, anslen, qname, qtype, pai) | |||
| 1164 | canonname = bp; | 1162 | canonname = bp; |
| 1165 | nn = strlen(bp) + 1; /* for the \0 */ | 1163 | nn = strlen(bp) + 1; /* for the \0 */ |
| 1166 | bp += nn; | 1164 | bp += nn; |
| 1167 | buflen -= nn; | ||
| 1168 | } | 1165 | } |
| 1169 | 1166 | ||
| 1170 | /* don't overwrite pai */ | 1167 | /* don't overwrite pai */ |
diff --git a/src/lib/libc/net/res_mkquery.c b/src/lib/libc/net/res_mkquery.c index e414b5060d..6e57ec3217 100644 --- a/src/lib/libc/net/res_mkquery.c +++ b/src/lib/libc/net/res_mkquery.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */ | 1 | /* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * ++Copyright++ 1985, 1993 | 4 | * ++Copyright++ 1985, 1993 |
| @@ -60,7 +60,7 @@ | |||
| 60 | static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; | 60 | static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; |
| 61 | static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $"; | 61 | static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $"; |
| 62 | #else | 62 | #else |
| 63 | static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $"; | 63 | static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $"; |
| 64 | #endif | 64 | #endif |
| 65 | #endif /* LIBC_SCCS and not lint */ | 65 | #endif /* LIBC_SCCS and not lint */ |
| 66 | 66 | ||
| @@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 91 | int buflen; /* size of buffer */ | 91 | int buflen; /* size of buffer */ |
| 92 | { | 92 | { |
| 93 | register HEADER *hp; | 93 | register HEADER *hp; |
| 94 | register u_char *cp; | 94 | register u_char *cp, *ep; |
| 95 | register int n; | 95 | register int n; |
| 96 | u_char *dnptrs[20], **dpp, **lastdnptr; | 96 | u_char *dnptrs[20], **dpp, **lastdnptr; |
| 97 | 97 | ||
| @@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 122 | hp->rd = (_res.options & RES_RECURSE) != 0; | 122 | hp->rd = (_res.options & RES_RECURSE) != 0; |
| 123 | hp->rcode = NOERROR; | 123 | hp->rcode = NOERROR; |
| 124 | cp = buf + HFIXEDSZ; | 124 | cp = buf + HFIXEDSZ; |
| 125 | buflen -= HFIXEDSZ; | 125 | ep = buf + buflen; |
| 126 | dpp = dnptrs; | 126 | dpp = dnptrs; |
| 127 | *dpp++ = buf; | 127 | *dpp++ = buf; |
| 128 | *dpp++ = NULL; | 128 | *dpp++ = NULL; |
| @@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 133 | switch (op) { | 133 | switch (op) { |
| 134 | case QUERY: /*FALLTHROUGH*/ | 134 | case QUERY: /*FALLTHROUGH*/ |
| 135 | case NS_NOTIFY_OP: | 135 | case NS_NOTIFY_OP: |
| 136 | if ((buflen -= QFIXEDSZ) < 0) | 136 | if (ep - cp < QFIXEDSZ) |
| 137 | return (-1); | 137 | return (-1); |
| 138 | if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0) | 138 | if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs, |
| 139 | lastdnptr)) < 0) | ||
| 139 | return (-1); | 140 | return (-1); |
| 140 | cp += n; | 141 | cp += n; |
| 141 | buflen -= n; | ||
| 142 | __putshort(type, cp); | 142 | __putshort(type, cp); |
| 143 | cp += INT16SZ; | 143 | cp += INT16SZ; |
| 144 | __putshort(class, cp); | 144 | __putshort(class, cp); |
| @@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 149 | /* | 149 | /* |
| 150 | * Make an additional record for completion domain. | 150 | * Make an additional record for completion domain. |
| 151 | */ | 151 | */ |
| 152 | buflen -= RRFIXEDSZ; | 152 | if (ep - cp < RRFIXEDSZ) |
| 153 | n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr); | 153 | return (-1); |
| 154 | n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs, | ||
| 155 | lastdnptr); | ||
| 154 | if (n < 0) | 156 | if (n < 0) |
| 155 | return (-1); | 157 | return (-1); |
| 156 | cp += n; | 158 | cp += n; |
| 157 | buflen -= n; | ||
| 158 | __putshort(T_NULL, cp); | 159 | __putshort(T_NULL, cp); |
| 159 | cp += INT16SZ; | 160 | cp += INT16SZ; |
| 160 | __putshort(class, cp); | 161 | __putshort(class, cp); |
| @@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) | |||
| 170 | /* | 171 | /* |
| 171 | * Initialize answer section | 172 | * Initialize answer section |
| 172 | */ | 173 | */ |
| 173 | if (buflen < 1 + RRFIXEDSZ + datalen) | 174 | if (ep - cp < 1 + RRFIXEDSZ + datalen) |
| 174 | return (-1); | 175 | return (-1); |
| 175 | *cp++ = '\0'; /* no domain name */ | 176 | *cp++ = '\0'; /* no domain name */ |
| 176 | __putshort(type, cp); | 177 | __putshort(type, cp); |
| @@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen) | |||
| 203 | int anslen; /* answer buffer length */ | 204 | int anslen; /* answer buffer length */ |
| 204 | { | 205 | { |
| 205 | register HEADER *hp; | 206 | register HEADER *hp; |
| 206 | register u_char *cp; | 207 | register u_char *cp, *ep; |
| 207 | 208 | ||
| 208 | hp = (HEADER *) buf; | 209 | hp = (HEADER *) buf; |
| 209 | cp = buf + n0; | 210 | cp = buf + n0; |
| 210 | buflen -= n0; | 211 | ep = buf + buflen; |
| 211 | 212 | ||
| 212 | if (buflen < 1 + RRFIXEDSZ) | 213 | if (ep - cp < 1 + RRFIXEDSZ) |
| 213 | return -1; | 214 | return -1; |
| 214 | 215 | ||
| 215 | *cp++ = 0; /* "." */ | 216 | *cp++ = 0; /* "." */ |
| 216 | buflen--; | ||
| 217 | 217 | ||
| 218 | __putshort(T_OPT, cp); /* TYPE */ | 218 | __putshort(T_OPT, cp); /* TYPE */ |
| 219 | cp += INT16SZ; | 219 | cp += INT16SZ; |
| @@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen) | |||
| 235 | __putshort(0, cp); /* RDLEN */ | 235 | __putshort(0, cp); /* RDLEN */ |
| 236 | cp += INT16SZ; | 236 | cp += INT16SZ; |
| 237 | hp->arcount = htons(ntohs(hp->arcount) + 1); | 237 | hp->arcount = htons(ntohs(hp->arcount) + 1); |
| 238 | buflen -= RRFIXEDSZ; | ||
| 239 | 238 | ||
| 240 | return cp - buf; | 239 | return cp - buf; |
| 241 | } | 240 | } |