Source-Changes-HG archive


[src/netbsd-1-6]: src/lib/libc/net Pull up revision 1.22 (requested by itojun...



details:   https://anonhg.NetBSD.org/src/rev/d35d2bc12039
branches:  netbsd-1-6
changeset: 528094:d35d2bc12039
user:      lukem <lukem%NetBSD.org@localhost>
date:      Wed Jun 26 11:11:24 2002 +0000

description:
Pull up revision 1.22 (requested by itojun in ticket #371):
avoid remote buffer overrun on hostbuf[].  From: Joost Pol <joost%pine.nl@localhost>
correct bad practice in the code - it uses two changing variables
to manage buffer (buf and buflen).  we eliminate buflen and use
fixed point (ep) as the ending pointer.
this fix is critical.

diffstat:

 lib/libc/net/getnetnamadr.c |  14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)

diffs (57 lines):

diff -r d015b5caf8b1 -r d35d2bc12039 lib/libc/net/getnetnamadr.c
--- a/lib/libc/net/getnetnamadr.c       Wed Jun 26 11:11:15 2002 +0000
+++ b/lib/libc/net/getnetnamadr.c       Wed Jun 26 11:11:24 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: getnetnamadr.c,v 1.20 2000/12/20 20:51:08 christos Exp $       */
+/*     $NetBSD: getnetnamadr.c,v 1.20.4.1 2002/06/26 11:11:24 lukem Exp $      */
 
 /* Copyright (c) 1993 Carlos Leandro and Rui Salgueiro
  *     Dep. Matematica Universidade de Coimbra, Portugal, Europe
@@ -47,7 +47,7 @@
 static char sccsid_[] = "from getnetnamadr.c   1.4 (Coimbra) 93/06/03";
 static char rcsid[] = "Id: getnetnamadr.c,v 8.8 1997/06/01 20:34:37 vixie Exp ";
 #else
-__RCSID("$NetBSD: getnetnamadr.c,v 1.20 2000/12/20 20:51:08 christos Exp $");
+__RCSID("$NetBSD: getnetnamadr.c,v 1.20.4.1 2002/06/26 11:11:24 lukem Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -138,9 +138,9 @@
        u_char *cp;
        int n;
        u_char *eom;
-       int type, class, buflen, ancount, qdcount, haveanswer, i, nchar;
+       int type, class, ancount, qdcount, haveanswer, i, nchar;
        char aux1[30], aux2[30], ans[30], *in, *st, *pauxt, *bp, **ap,
-               *paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0;
+               *paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0, *ep;
        static  char netbuf[PACKETSZ];
 
        _DIAGASSERT(answer != NULL);
@@ -164,7 +164,7 @@
        ancount = ntohs(hp->ancount); /* #/records in the answer section */
        qdcount = ntohs(hp->qdcount); /* #/entries in the question section */
        bp = netbuf;
-       buflen = sizeof(netbuf);
+       ep = netbuf + sizeof(netbuf);
        cp = answer->buf + HFIXEDSZ;
        if (!qdcount) {
                if (hp->aa)
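Review bot: The new end pointer `ep` carries the whole safety argument of this fix but is introduced without a comment, at `ep = netbuf + sizeof(netbuf);`. I would add `/* ep: one past the end of netbuf; space left is always ep - bp, never a cached length */` so that later edits which advance `bp` do not reintroduce a separately tracked length. The code that advances `bp` lies outside this diff, so it should be confirmed that it can never move `bp` past `ep`.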
@@ -180,7 +180,7 @@
        net_entry.n_aliases = net_aliases;
        haveanswer = 0;
        while (--ancount >= 0 && cp < eom) {
-               n = dn_expand(answer->buf, eom, cp, bp, buflen);
+               n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
                if ((n < 0) || !res_dnok(bp))
                        break;
                cp += n;
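Review bot: `ep - bp` has type ptrdiff_t and is narrowed implicitly to the int length parameter of dn_expand() at this call and again at the T_PTR call in the next hunk. The value is bounded by sizeof(netbuf), so nothing is lost today, but writing `(int)(ep - bp)` at both calls documents the narrowing and keeps conversion warnings quiet. The loop body continues outside this hunk.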
@@ -191,7 +191,7 @@
                cp += INT32SZ;          /* TTL */
                GETSHORT(n, cp);
                if (class == C_IN && type == T_PTR) {
-                       n = dn_expand(answer->buf, eom, cp, bp, buflen);
+                       n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
                        if ((n < 0) || !res_hnok(bp)) {
                                cp += n;
                                return (NULL);
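Review bot: The read side of the parser is still unchecked: the fixed record header is consumed here (`cp += INT32SZ;` then `GETSHORT(n, cp);`) without comparing `cp` against `eom`, and the only such comparison visible in this diff is the loop condition. Unless the lines between the hunks already do it, a guard such as `if (eom - cp < RRFIXEDSZ) break;` right after the first `cp += n;` would stop a truncated answer from being parsed past its end. Separately, `cp += n;` in the failure branch can run with a negative `n` and is immediately followed by `return (NULL);`, so it can be dropped. The function continues outside this hunk.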


