
[PATCH] Alignment fixes for gethostby*_r (BZ#4381)


Hi!

The gethostby*_r functions are passed a char buffer, but the API docs don't say
anywhere how aligned it is supposed to be.  While most services are happy
with any alignment, as they use it just as a char buffer, gethostby* wants to
store pointers in that buffer.  On strict-alignment hosts this results
in SIGBUS.
The following patch ensures the buffer is aligned if needed and that buflen
is decreased correspondingly.

2007-04-23  Jakub Jelinek  <jakub@redhat.com>

	[BZ #4381]
	* nss/nss_files/files-hosts.c (HOST_DB_LOOKUP): Ensure sufficient
	alignment of buffer and tmp_buffer.
	* nis/nss_nis/nis-hosts.c (internal_nis_gethostent_r,
	internal_gethostbyname2_r, _nss_nis_gethostbyaddr_r): Ensure sufficient
	alignment of buffer.
	* resolv/nss_dns/dns-hosts.c (getanswer_r): Likewise.  Handle buflen
	bigger than INT_MAX.
	* resolv/nss_dns/dns-network.c (getanswer_r): Likewise.  Add errnop and
	h_errnop arguments.  Fail if buflen is too small.
	(_nss_dns_getnetbyname_r, _nss_dns_getnetbyaddr_r): Adjust callers.

--- libc/nss/nss_files/files-hosts.c.jj	2006-11-30 23:49:12.000000000 +0100
+++ libc/nss/nss_files/files-hosts.c	2007-04-17 21:52:02.000000000 +0200
@@ -1,5 +1,6 @@
 /* Hosts file parser in nss_files module.
-   Copyright (C) 1996-2001, 2003, 2004, 2006 Free Software Foundation, Inc.
+   Copyright (C) 1996-2001, 2003, 2004, 2006, 2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -102,6 +103,10 @@ _nss_files_get##name##_r (proto,					   
 {									      \
   enum nss_status status;						      \
 									      \
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct hostent_data);    \
+  buffer += pad;							      \
+  buflen = buflen > pad ? buflen - pad : 0;				      \
+									      \
   __libc_lock_lock (lock);						      \
 									      \
   /* Reset file pointer to beginning or open file.  */			      \
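Review bot: The three lines added at the top of the `_nss_files_get##name##_r` macro body carry no comment, and the `-(uintptr_t) buffer % __alignof__ (...)` idiom is not obvious on first read. I would add `/* Round buffer up to the alignment of struct hostent_data and give up the skipped bytes from buflen.  */` above them. Unlike the other files in this patch, a buffer shorter than the padding is clamped to a length of 0 here rather than rejected with ERANGE, so the comment should also say that the too-small case is left to the code that follows; that code is outside the hunk, so this is presumed, not verified. The same three-step adjustment is written out by hand in five more places in this patch; a shared helper would keep the copies from drifting apart.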
@@ -122,7 +127,8 @@ _nss_files_get##name##_r (proto,					   
 	{								      \
 	  /* We have to get all host entries from the file.  */		      \
 	  const size_t tmp_buflen = MIN (buflen, 4096);			      \
-	  char tmp_buffer[tmp_buflen];					      \
+	  char tmp_buffer[tmp_buflen]					      \
+	    __attribute__ ((__aligned__ (__alignof__ (struct hostent_data))));\
 	  struct hostent tmp_result_buf;				      \
 	  int naddrs = 1;						      \
 	  int naliases = 0;						      \
--- libc/resolv/nss_dns/dns-network.c.jj	2005-02-17 02:16:23.000000000 +0100
+++ libc/resolv/nss_dns/dns-network.c	2007-04-17 23:13:46.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004
+/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004, 2007
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -102,7 +102,8 @@ extern int __ns_name_unpack (const u_cha
 /* Prototypes for local functions.  */
 static enum nss_status getanswer_r (const querybuf *answer, int anslen,
 				    struct netent *result, char *buffer,
-				    size_t buflen, lookup_method net_i);
+				    size_t buflen, int *errnop, int *h_errnop,
+				    lookup_method net_i);
 
 
 enum nss_status
@@ -142,7 +143,8 @@ _nss_dns_getnetbyname_r (const char *nam
 	? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
     }
 
-  status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYNAME);
+  status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
+			errnop, herrnop, BYNAME);
   if (net_buffer.buf != orig_net_buffer)
     free (net_buffer.buf);
   return status;
@@ -218,7 +220,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, i
 	? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
     }
 
-  status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYADDR);
+  status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
+			errnop, herrnop, BYADDR);
   if (net_buffer.buf != orig_net_buffer)
     free (net_buffer.buf);
   if (status == NSS_STATUS_SUCCESS)
@@ -240,7 +243,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, i
 
 static enum nss_status
 getanswer_r (const querybuf *answer, int anslen, struct netent *result,
-	     char *buffer, size_t buflen, lookup_method net_i)
+	     char *buffer, size_t buflen, int *errnop, int *h_errnop,
+	     lookup_method net_i)
 {
   /*
    * Find first satisfactory answer
@@ -260,8 +264,25 @@ getanswer_r (const querybuf *answer, int
   {
     char *aliases[MAX_NR_ALIASES];
     char linebuffer[0];
-  } *net_data = (struct net_data *) buffer;
+  } *net_data;
+
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct net_data);
+  buffer += pad;
+
+  if (__builtin_expect (buflen < sizeof (*net_data) + pad, 0))
+    {
+      /* The buffer is too small.  */
+    too_small:
+      *errnop = ERANGE;
+      *h_errnop = NETDB_INTERNAL;
+      return NSS_STATUS_TRYAGAIN;
+    }
+  buflen -= pad;
+
+  net_data = (struct net_data *) buffer;
   int linebuflen = buflen - offsetof (struct net_data, linebuffer);
+  if (buflen - offsetof (struct net_data, linebuffer) != linebuflen)
+    linebuflen = INT_MAX;
   const unsigned char *end_of_message = &answer->buf[anslen];
   const HEADER *header_pointer = &answer->hdr;
   /* #/records in the answer section.  */
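Review bot: The truncation check `if (buflen - offsetof (struct net_data, linebuffer) != linebuflen)` only detects an oversized buffer where size_t is wider than int. Where both are 32 bits, converting the negative `linebuflen` back to size_t reproduces the original value, the comparison is equal, and `linebuflen` stays negative before it is passed as a length to `__ns_name_ntop` further down in getanswer_r. Comparing against the limit directly avoids relying on the round trip: `size_t avail = buflen - offsetof (struct net_data, linebuffer);` followed by `int linebuflen = avail > INT_MAX ? INT_MAX : (int) avail;`. The same pattern appears in the dns-host.c getanswer_r hunk. The function body continues outside this hunk.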
@@ -319,10 +340,7 @@ getanswer_r (const querybuf *answer, int
       if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
 	{
 	  if (errno == EMSGSIZE)
-	    {
-	      errno = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
-	    }
+	    goto too_small;
 
 	  n = -1;
 	}
@@ -346,10 +364,7 @@ getanswer_r (const querybuf *answer, int
 	  if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
 	    {
 	      if (errno == EMSGSIZE)
-		{
-		  errno = ERANGE;
-		  return NSS_STATUS_TRYAGAIN;
-		}
+		goto too_small;
 
 	      n = -1;
 	    }
--- libc/resolv/nss_dns/dns-host.c.jj	2004-10-25 01:02:07.000000000 +0200
+++ libc/resolv/nss_dns/dns-host.c	2007-04-17 22:15:27.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-2003, 2004 Free Software Foundation, Inc.
+/* Copyright (C) 1996-2003, 2004, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
 
@@ -465,8 +465,8 @@ getanswer_r (const querybuf *answer, int
     char *aliases[MAX_NR_ALIASES];
     unsigned char host_addr[16];	/* IPv4 or IPv6 */
     char *h_addr_ptrs[0];
-  } *host_data = (struct host_data *) buffer;
-  int linebuflen = buflen - sizeof (struct host_data);
+  } *host_data;
+  int linebuflen;
   register const HEADER *hp;
   const u_char *end_of_message, *cp;
   int n, ancount, qdcount;
@@ -478,8 +478,9 @@ getanswer_r (const querybuf *answer, int
   u_char packtmp[NS_MAXCDNAME];
   int have_to_map = 0;
   int32_t ttl = 0;
-
-  if (__builtin_expect (linebuflen, 0) < 0)
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+  buffer += pad;
+  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
     {
       /* The buffer is too small.  */
     too_small:
@@ -487,6 +488,10 @@ getanswer_r (const querybuf *answer, int
       *h_errnop = NETDB_INTERNAL;
       return NSS_STATUS_TRYAGAIN;
     }
+  host_data = (struct host_data *) buffer;
+  linebuflen = buflen - sizeof (struct host_data);
+  if (buflen - sizeof (struct host_data) != linebuflen)
+    linebuflen = INT_MAX;
 
   tname = qname;
   result->h_name = NULL;
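Review bot: `linebuflen = buflen - sizeof (struct host_data);` is computed from the caller's original `buflen`, although `buffer` was advanced by `pad` in the preceding hunk; nothing in either hunk subtracts the padding. For a misaligned buffer, `linebuflen` therefore overstates the space behind `host_data` by up to `__alignof__ (struct host_data) - 1` bytes, so code that fills the line area up to `linebuflen` can write past the end of the caller's buffer. The dns-network.c and nis-hosts.c changes in this patch do `buflen -= pad;` after their size check; this function needs the same line, `buflen -= pad;`, immediately after the `too_small` block and before `host_data` is assigned. The rest of getanswer_r is outside the hunk, so a later adjustment there cannot be ruled out from here.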
--- libc/nis/nss_nis/nis-hosts.c.jj	2006-04-09 04:08:28.000000000 +0200
+++ libc/nis/nss_nis/nis-hosts.c	2007-04-17 22:40:19.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-2000, 2002, 2003, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1996-2000, 2002, 2003, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
 
@@ -134,13 +134,17 @@ internal_nis_gethostent_r (struct hosten
   if (__builtin_expect (yp_get_default_domain (&domain), 0))
     return NSS_STATUS_UNAVAIL;
 
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
+  buffer += pad;
+
   struct parser_data *data = (void *) buffer;
-  if (__builtin_expect (buflen < sizeof *data + 1, 0))
+  if (__builtin_expect (buflen < sizeof *data + 1 + pad, 0))
     {
       *errnop = ERANGE;
       *h_errnop = NETDB_INTERNAL;
       return NSS_STATUS_TRYAGAIN;
     }
+  buflen -= pad;
 
   /* Get the next entry until we found a correct one. */
   const size_t linebuflen = buffer + buflen - data->linebuffer;
@@ -234,6 +238,9 @@ internal_gethostbyname2_r (const char *n
 			   char *buffer, size_t buflen, int *errnop,
 			   int *h_errnop, int flags)
 {
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
+  buffer += pad;
+
   struct parser_data *data = (void *) buffer;
 
   if (name == NULL)
@@ -246,12 +253,13 @@ internal_gethostbyname2_r (const char *n
   if (yp_get_default_domain (&domain))
     return NSS_STATUS_UNAVAIL;
 
-  if (buflen < sizeof *data + 1)
+  if (buflen < sizeof *data + 1 + pad)
     {
       *h_errnop = NETDB_INTERNAL;
       *errnop = ERANGE;
       return NSS_STATUS_TRYAGAIN;
     }
+  buflen -= pad;
 
   /* Convert name to lowercase.  */
   size_t namlen = strlen (name);
@@ -352,13 +360,17 @@ _nss_nis_gethostbyaddr_r (const void *ad
   if (__builtin_expect (yp_get_default_domain (&domain), 0))
     return NSS_STATUS_UNAVAIL;
 
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
+  buffer += pad;
+
   struct parser_data *data = (void *) buffer;
-  if (__builtin_expect (buflen < sizeof *data + 1, 0))
+  if (__builtin_expect (buflen < sizeof *data + 1 + pad, 0))
     {
       *errnop = ERANGE;
       *h_errnop = NETDB_INTERNAL;
       return NSS_STATUS_TRYAGAIN;
     }
+  buflen -= pad;
 
   char *buf = inet_ntoa (*(const struct in_addr *) addr);
 

	Jakub

