[src/trunk]: src/lib/libc/net Protect against stack smashes (Maksymilian Arci...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/5c6ba24b9e90
branches:  trunk
changeset: 763767:5c6ba24b9e90
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Apr 03 22:14:15 2011 +0000

description:
Protect against stack smashes (Maksymilian Arciemowicz)

diffstat:

 lib/libc/net/getservbyname_r.c |  16 +++++++++-------
 lib/libc/net/getservbyport_r.c |  12 ++++++------
 2 files changed, 15 insertions(+), 13 deletions(-)

diffs (72 lines):

diff -r a5386c0fb495 -r 5c6ba24b9e90 lib/libc/net/getservbyname_r.c
--- a/lib/libc/net/getservbyname_r.c    Sun Apr 03 20:05:30 2011 +0000
+++ b/lib/libc/net/getservbyname_r.c    Sun Apr 03 22:14:15 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: getservbyname_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $        */
+/*     $NetBSD: getservbyname_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $     */
 
 /*
  * Copyright (c) 1983, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)getservbyname.c    8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: getservbyname_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $");
+__RCSID("$NetBSD: getservbyname_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -69,12 +69,14 @@
                namelen = strlen(name);
                if (namelen == 0 || namelen > 255)
                        return NULL;
-               if (proto != NULL && *proto == '\0')
+               if (proto != NULL) {
+                       protolen = strlen(proto);
+                       if (protolen == 0 || protolen > 255)
+                               return NULL;
+               } else
+                       protolen = 0;
+               if (namelen + protolen > 255)
                        return NULL;
-               if (proto != NULL)
-                       protolen = strlen(proto);
-               else
-                       protolen = 0;
 
                buf[0] = namelen;
                buf[1] = protolen;
diff -r a5386c0fb495 -r 5c6ba24b9e90 lib/libc/net/getservbyport_r.c
--- a/lib/libc/net/getservbyport_r.c    Sun Apr 03 20:05:30 2011 +0000
+++ b/lib/libc/net/getservbyport_r.c    Sun Apr 03 22:14:15 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: getservbyport_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $        */
+/*     $NetBSD: getservbyport_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $     */
 
 /*
  * Copyright (c) 1983, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)getservbyport.c    8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: getservbyport_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $");
+__RCSID("$NetBSD: getservbyport_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -67,11 +67,11 @@
 
                port = be16toh(port);
 
-               if (proto != NULL && *proto == '\0')
-                       return NULL;
-               if (proto != NULL)
+               if (proto != NULL) {
                        protolen = strlen(proto);
-               else
+                       if (protolen == 0 || protolen > 255)
+                               return NULL;
+               } else
                        protolen = 0;
                if (port < 0 || port > 65536)
                        return NULL;