authorFlorian Weimer <fweimer@redhat.com>2016-05-04 14:35:23 +0200
committerFlorian Weimer <fweimer@redhat.com>2016-05-04 14:48:01 +0200
commit1c3490d4b29fc5b3f30dd6b13082046aee94443d (patch)
tree615a33e7671aec7f908922800081793edcb06356
parentc9b0e6a432e827b61f12eb52c2aaeadc77b64461 (diff)
getnameinfo: Avoid calling strnlen on uninitialized buffer
In the numeric AF_INET/AF_INET6 case, if inet_ntop fails as the result of a short host buffer, we used to call strnlen on the uninitialized host buffer.
-rw-r--r--ChangeLog5
-rw-r--r--inet/getnameinfo.c13
2 files changed, 11 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 9d2ab7c8e0..833cc64b5c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2016-05-04 Florian Weimer <fweimer@redhat.com>
+ * inet/getnameinfo.c (gni_host_inet_numeric): Return EAI_OVERFLOW
+ in case of inet_ntop failure.
+
+2016-05-04 Florian Weimer <fweimer@redhat.com>
+
* inet/getnameinfo.c (gni_host_inet_name): Use temporaries to
avoid long lines.
(gni_host_inet_numeric): Likewise. Reduce scope of local
diff --git a/inet/getnameinfo.c b/inet/getnameinfo.c
index c649c49395..c8de1630f3 100644
--- a/inet/getnameinfo.c
+++ b/inet/getnameinfo.c
@@ -303,12 +303,12 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
const struct sockaddr *sa, socklen_t addrlen,
char *host, socklen_t hostlen, int flags)
{
- const char *c;
if (sa->sa_family == AF_INET6)
{
const struct sockaddr_in6 *sin6p = (const struct sockaddr_in6 *) sa;
- c = inet_ntop (AF_INET6,
- (const void *) &sin6p->sin6_addr, host, hostlen);
+ if (inet_ntop (AF_INET6, &sin6p->sin6_addr, host, hostlen) == NULL)
+ return EAI_OVERFLOW;
+
uint32_t scopeid = sin6p->sin6_scope_id;
if (scopeid != 0)
{
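Review bot: The new early return at `if (inet_ntop (AF_INET6, &sin6p->sin6_addr, host, hostlen) == NULL)` is what guarantees `host` is initialized and NUL-terminated before the scope-id code further down measures it, but nothing in the code says so. A one-line comment above the check, e.g. `/* On failure HOST is indeterminate; return before anything reads it.  */`, would keep a later refactor from reintroducing the read of an uninitialized buffer. The same comment fits the AF_INET branch in the last hunk. Mapping every failure to EAI_OVERFLOW looks right because the family argument is a constant, so a short buffer is the only expected cause. The function body continues past this hunk.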
@@ -344,7 +344,7 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
if (real_hostlen + scopelen + 1 > hostlen)
/* Signal the buffer is too small. This is
what inet_ntop does. */
- c = NULL;
+ return EAI_OVERFLOW;
else
memcpy (host + real_hostlen, scopebuf, scopelen + 1);
}
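Review bot: The comment `This is what inet_ntop does` no longer matches the code: the branch used to set `c = NULL` to imitate inet_ntop's failure return, and now returns EAI_OVERFLOW itself. At this point `host` already holds the address without its scope suffix, so the comment is better spent on that, e.g. `/* The scope suffix does not fit; HOST holds only the bare address.  */`. The `else` after the `return` is also redundant, and the `memcpy` can follow the `if` directly. The enclosing function starts and ends outside this hunk.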
@@ -352,10 +352,9 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
else
{
const struct sockaddr_in *sinp = (const struct sockaddr_in *) sa;
- c = inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen);
+ if (inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen) == NULL)
+ return EAI_OVERFLOW;
}
- if (c == NULL)
- return EAI_OVERFLOW;
return 0;
}