From f1f381f26db98078dfc10572dbe1aa273fc16d94 Mon Sep 17 00:00:00 2001 From: itojun <> Date: Wed, 26 Jun 2002 06:01:16 +0000 Subject: correct bad practice in the code - it uses two changing variables to manage buffer (buf and buflen). we eliminate buflen and use fixed point (ep) as the ending pointer. this fix is NOT critical. --- src/lib/libc/net/res_mkquery.c | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'src/lib/libc/net/res_mkquery.c') diff --git a/src/lib/libc/net/res_mkquery.c b/src/lib/libc/net/res_mkquery.c index e414b5060d..6e57ec3217 100644 --- a/src/lib/libc/net/res_mkquery.c +++ b/src/lib/libc/net/res_mkquery.c @@ -1,4 +1,4 @@ -/* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */ +/* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */ /* * ++Copyright++ 1985, 1993 @@ -60,7 +60,7 @@ static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $"; +static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) int buflen; /* size of buffer */ { register HEADER *hp; - register u_char *cp; + register u_char *cp, *ep; register int n; u_char *dnptrs[20], **dpp, **lastdnptr; @@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) hp->rd = (_res.options & RES_RECURSE) != 0; hp->rcode = NOERROR; cp = buf + HFIXEDSZ; - buflen -= HFIXEDSZ; + ep = buf + buflen; dpp = dnptrs; *dpp++ = buf; *dpp++ = NULL; @@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) switch (op) { case QUERY: /*FALLTHROUGH*/ case NS_NOTIFY_OP: - if ((buflen -= QFIXEDSZ) < 0) + if (ep - cp < QFIXEDSZ) return (-1); - if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0) + if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs, + lastdnptr)) < 0) return (-1); cp += n; - buflen -= n; __putshort(type, cp); cp += INT16SZ; __putshort(class, cp); @@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) /* * Make an additional record for completion domain. */ - buflen -= RRFIXEDSZ; - n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr); + if (ep - cp < RRFIXEDSZ) + return (-1); + n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs, + lastdnptr); if (n < 0) return (-1); cp += n; - buflen -= n; __putshort(T_NULL, cp); cp += INT16SZ; __putshort(class, cp); @@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) /* * Initialize answer section */ - if (buflen < 1 + RRFIXEDSZ + datalen) + if (ep - cp < 1 + RRFIXEDSZ + datalen) return (-1); *cp++ = '\0'; /* no domain name */ __putshort(type, cp); @@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen) int anslen; /* answer buffer length */ { register HEADER *hp; - register u_char *cp; + register u_char *cp, *ep; hp = (HEADER *) buf; cp = buf + n0; - buflen -= n0; + ep = buf + buflen; - if (buflen < 1 + RRFIXEDSZ) + if (ep - cp < 1 + RRFIXEDSZ) return -1; *cp++ = 0; /* "." */ - buflen--; __putshort(T_OPT, cp); /* TYPE */ cp += INT16SZ; @@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen) __putshort(0, cp); /* RDLEN */ cp += INT16SZ; hp->arcount = htons(ntohs(hp->arcount) + 1); - buflen -= RRFIXEDSZ; return cp - buf; } -- cgit v1.2.3-55-g6feb