Re: gethostbyname2 seg.faults with "multi on" and IPv6

[Thorsten Kukuk <kukuk at suse dot de>]

Hi,

On Tue, Feb 11, Thorsten Kukuk wrote:

> if you add a host with two IPv6 addresses to /etc/hosts and writes
> "multi on" into /etc/host.conf, gethostbyname2 will return a broken
> hostent struct. h_addr_list[0] will contain a invalid pointer.
> This pointer contains one address of the host, not the pointer to
> this address.

I found the bug: when we calculate the start address of
new_h_addr_list, we don't reserve space for the alignement
of bufferend later. So the reserved space is to small and we
overwrite the first h_addr_list pointer.

The fix is to reserve the space for one more pointer:

2003-02-11  Thorsten Kukuk  <kukuk@suse.de>

	* nss/nss_files/files-hosts.c: Reserve space for one more pointer
	in the buffer to have enough space if we align the start of the
	buffer later.

--- nss/nss_files/files-hosts.c
+++ nss/nss_files/files-hosts.c	2003/02/11 12:54:17
@@ -1,5 +1,5 @@
 /* Hosts file parser in nss_files module.
-   Copyright (C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc.
+   Copyright (C) 1996,1997,1998,1999,2000,2001, 2003 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -181,7 +181,7 @@
 		  new_h_addr_list =					      \
 		    (char **) (bufferend				      \
 			       + roundup (newstrlen, sizeof (char *))	      \
-			       + 16);					      \
+			       + 16 + sizeof (char *));			      \
 		  new_h_aliases =					      \
 		    (char **) ((char *) new_h_addr_list			      \
 			       + (naddrs + 2) * sizeof (char *));	      \


-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B