aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1999-06-11 19:46:54 +0000
committerUlrich Drepper <drepper@redhat.com>1999-06-11 19:46:54 +0000
commit560d3b76d87f145dd9b9ce5102c845ce96eb8444 (patch)
tree8dbf75e27c2afbbee4dda5835125cec311088e16
parentc52bbc7e7ff156fa6b0ecb6d83cfcf51eb82d55f (diff)
downloadglibc-560d3b76d87f145dd9b9ce5102c845ce96eb8444.tar
glibc-560d3b76d87f145dd9b9ce5102c845ce96eb8444.tar.gz
glibc-560d3b76d87f145dd9b9ce5102c845ce96eb8444.tar.bz2
glibc-560d3b76d87f145dd9b9ce5102c845ce96eb8444.zip
(getanswer_r): Correctly track usage of user-provided buffer.
-rw-r--r--resolv/nss_dns/dns-host.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index 0ff1dec37d..16146ed4e0 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -319,6 +319,15 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
int (*name_ok) __P ((const char *));
u_char packtmp[NS_MAXCDNAME];
+ if (linebuflen < 0)
+ {
+ /* The buffer is too small. */
+ too_small:
+ *errnop = ERANGE;
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
tname = qname;
result->h_name = NULL;
end_of_message = answer->buf + anslen;
@@ -354,11 +363,7 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{
if (errno == EMSGSIZE)
- {
- *errnop = ERANGE;
- *h_errnop = NETDB_INTERNAL;
- return NSS_STATUS_TRYAGAIN;
- }
+ goto too_small;
n = -1;
}
@@ -389,6 +394,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
result->h_name = bp;
bp += n;
linebuflen -= n;
+ if (linebuflen < 0)
+ goto too_small;
/* The qname can be abbreviated, but h_name is now absolute. */
qname = result->h_name;
}
@@ -602,6 +609,7 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
linebuflen -= nn;
}
+ linebuflen -= sizeof (align) - ((u_long) bp % sizeof (align));
bp += sizeof (align) - ((u_long) bp % sizeof (align));
if (n >= linebuflen)