Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-6]: src/dist/bind/lib/nameser Pull up revision 1.4 (requested b...
details: https://anonhg.NetBSD.org/src/rev/3a5e4a72cc2c
branches: netbsd-1-6
changeset: 528233:3a5e4a72cc2c
user: lukem <lukem%NetBSD.org@localhost>
date: Fri Jun 28 11:56:42 2002 +0000
description:
Pull up revision 1.4 (requested by itojun in ticket #387):
Update to BIND 8.3.3. Fixes buffer overrun in resolver code.
diffstat:
dist/bind/lib/nameser/ns_name.c | 325 +++++++++++++++++++++++++++++++++++---
dist/bind/lib/nameser/ns_parse.c | 34 ++--
dist/bind/lib/nameser/ns_print.c | 54 +++++-
3 files changed, 364 insertions(+), 49 deletions(-)
diffs (truncated from 711 to 300 lines):
diff -r 01f280c21107 -r 3a5e4a72cc2c dist/bind/lib/nameser/ns_name.c
--- a/dist/bind/lib/nameser/ns_name.c Fri Jun 28 11:56:23 2002 +0000
+++ b/dist/bind/lib/nameser/ns_name.c Fri Jun 28 11:56:42 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ns_name.c,v 1.3 2001/01/27 07:22:04 itojun Exp $ */
+/* $NetBSD: ns_name.c,v 1.3.2.1 2002/06/28 11:56:42 lukem Exp $ */
/*
* Copyright (c) 1996,1999 by Internet Software Consortium.
@@ -18,7 +18,7 @@
*/
#ifndef lint
-static const char rcsid[] = "Id: ns_name.c,v 8.15 2000/03/30 22:53:46 vixie Exp";
+static const char rcsid[] = "Id: ns_name.c,v 8.18 2002/05/24 05:10:40 marka Exp";
#endif
#include "port_before.h"
@@ -32,13 +32,43 @@
#include <resolv.h>
#include <string.h>
#include <ctype.h>
+#include <stdlib.h>
+#include <limits.h>
#include "port_after.h"
+#ifdef SPRINTF_CHAR
+# define SPRINTF(x) strlen(sprintf/**/x)
+#else
+# define SPRINTF(x) ((size_t)sprintf x)
+#endif
+
+#define NS_TYPE_ELT 0x40 /* EDNS0 extended label type */
+#define DNS_LABELTYPE_BITSTRING 0x41
+
/* Data. */
static const char digits[] = "0123456789";
+static const char digitvalue[256] = {
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*16*/
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*32*/
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*48*/
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, /*64*/
+ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*80*/
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*96*/
+ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*112*/
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*128*/
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*256*/
+};
+
/* Forward. */
static int special(int);
@@ -46,6 +76,10 @@
static int dn_find(const u_char *, const u_char *,
const u_char * const *,
const u_char * const *);
+static int encode_bitsring(const char **, const char *,
+ char **, char **, const char *);
+static int labellen(const u_char *);
+static int decode_bitstring(const char **, char *, const char *);
/* Public. */
@@ -59,18 +93,20 @@
* All other domains are returned in non absolute form
*/
int
-ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) {
+ns_name_ntop(const u_char *src, char *dst, size_t dstsiz)
+{
const u_char *cp;
char *dn, *eom;
u_char c;
u_int n;
+ int l;
cp = src;
dn = dst;
eom = dst + dstsiz;
while ((n = *cp++) != 0) {
- if ((n & NS_CMPRSFLGS) != 0) {
+ if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
/* Some kind of compression pointer. */
errno = EMSGSIZE;
return (-1);
@@ -82,11 +118,31 @@
}
*dn++ = '.';
}
- if (dn + n >= eom) {
+ if ((l = labellen(cp - 1)) < 0) {
+ errno = EMSGSIZE; /* XXX */
+ return(-1);
+ }
+ if (dn + l >= eom) {
errno = EMSGSIZE;
return (-1);
}
- for ((void)NULL; n > 0; n--) {
+ if ((n & NS_CMPRSFLGS) == NS_TYPE_ELT) {
+ int m;
+
+ if (n != DNS_LABELTYPE_BITSTRING) {
+ /* XXX: labellen should reject this case */
+ errno = EINVAL;
+ return(-1);
+ }
+ if ((m = decode_bitstring((const char **)&cp, dn, eom)) < 0)
+ {
+ errno = EMSGSIZE;
+ return(-1);
+ }
+ dn += m;
+ continue;
+ }
+ for ((void)NULL; l > 0; l--) {
c = *cp++;
if (special(c)) {
if (dn + 1 >= eom) {
@@ -140,9 +196,10 @@
*/
int
-ns_name_pton(const char *src, u_char *dst, size_t dstsiz) {
+ns_name_pton(const char *src, u_char *dst, size_t dstsiz)
+{
u_char *label, *bp, *eom;
- int c, n, escaped;
+ int c, n, escaped, e = 0;
char *cp;
escaped = 0;
@@ -152,7 +209,31 @@
while ((c = *src++) != 0) {
if (escaped) {
- if ((cp = strchr(digits, c)) != NULL) {
+ if (c == '[') { /* start a bit string label */
+ if ((cp = strchr(src, ']')) == NULL) {
+ errno = EINVAL; /* ??? */
+ return(-1);
+ }
+ if ((e = encode_bitsring(&src,
+ cp + 2,
+ (char **)&label,
+ (char **)&bp,
+ (const char *)eom))
+ != 0) {
+ errno = e;
+ return(-1);
+ }
+ escaped = 0;
+ label = bp++;
+ if ((c = *src++) == 0)
+ goto done;
+ else if (c != '.') {
+ errno = EINVAL;
+ return(-1);
+ }
+ continue;
+ }
+ else if ((cp = strchr(digits, c)) != NULL) {
n = (cp - digits) * 100;
if ((c = *src++) == 0 ||
(cp = strchr(digits, c)) == NULL) {
@@ -220,6 +301,7 @@
errno = EMSGSIZE;
return (-1);
}
+ done:
if (label >= eom) {
errno = EMSGSIZE;
return (-1);
@@ -249,28 +331,34 @@
*/
int
-ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz) {
+ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz)
+{
const u_char *cp;
u_char *dn, *eom;
u_char c;
u_int n;
+ int l;
cp = src;
dn = dst;
eom = dst + dstsiz;
while ((n = *cp++) != 0) {
- if ((n & NS_CMPRSFLGS) != 0) {
+ if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
/* Some kind of compression pointer. */
errno = EMSGSIZE;
return (-1);
}
*dn++ = n;
- if (dn + n >= eom) {
+ if ((l = labellen(cp - 1)) < 0) {
errno = EMSGSIZE;
return (-1);
}
- for ((void)NULL; n > 0; n--) {
+ if (dn + l >= eom) {
+ errno = EMSGSIZE;
+ return (-1);
+ }
+ for ((void)NULL; l > 0; l--) {
c = *cp++;
if (isupper(c))
*dn++ = tolower(c);
@@ -294,7 +382,7 @@
{
const u_char *srcp, *dstlim;
u_char *dstp;
- int n, len, checked;
+ int n, len, checked, l;
len = -1;
checked = 0;
@@ -310,16 +398,21 @@
/* Check for indirection. */
switch (n & NS_CMPRSFLGS) {
case 0:
+ case NS_TYPE_ELT:
/* Limit checks. */
- if (dstp + n + 1 >= dstlim || srcp + n >= eom) {
+ if ((l = labellen(srcp - 1)) < 0) {
+ errno = EMSGSIZE;
+ return(-1);
+ }
+ if (dstp + l + 1 >= dstlim || srcp + l >= eom) {
errno = EMSGSIZE;
return (-1);
}
- checked += n + 1;
+ checked += l + 1;
*dstp++ = n;
- memcpy(dstp, srcp, n);
- dstp += n;
- srcp += n;
+ memcpy(dstp, srcp, l);
+ dstp += l;
+ srcp += l;
break;
case NS_CMPRSFLGS:
@@ -399,17 +492,23 @@
/* make sure the domain we are about to add is legal */
l = 0;
do {
+ int l0;
+
n = *srcp;
- if ((n & NS_CMPRSFLGS) != 0) {
+ if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
errno = EMSGSIZE;
return (-1);
}
- l += n + 1;
+ if ((l0 = labellen(srcp)) < 0) {
+ errno = EINVAL;
+ return(-1);
+ }
+ l += l0 + 1;
if (l > MAXCDNAME) {
errno = EMSGSIZE;
return (-1);
}
- srcp += n + 1;
+ srcp += l0 + 1;
} while (n != 0);
/* from here on we need to reset compression pointer array on error */
@@ -437,9 +536,11 @@
}
}
/* copy label to buffer */
- if (n & NS_CMPRSFLGS) { /* Should not happen. */
+ if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
+ /* Should not happen. */
goto cleanup;
}
+ n = labellen(srcp);
if (dstp + 1 + n >= eob) {
goto cleanup;
}
@@ -529,9 +630,11 @@
Home |
Main Index |
Thread Index |
Old Index