This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
>
> hjl@varesearch.com (H.J. Lu) writes:
>
> > nscd and getxxxxx_r () in glibc 2.1.2 are all screwed up. hstcache.c
> > in nscd has:
>
> First, you are getting extremely on my nerves with your constant
> "everything is screwed up, nothing works". It *always* is wrong.
>
> Second, I have not the slightest idea what you are talking about. I
> just wasted some minutes looking through the code finding no problem
> since errno and h_errno are always set correctly in the file you
> mentioned. Thanks a lot. I really should go back to my mode where I
> ignore your mails if you do not give detailed explanations.
>

I shouldn't have sent out my bug report without a patch. The code may be
hard to understand. Here is my patch. Let me know if you have any
questions on the patch. I will fix other similar bugs if I encounter
them later. Sorry for that.

Thanks.

H.J.
----
Tue Aug 10 07:54:44 1999  H.J. Lu  <hjl@gnu.org>

	* resolv/nss_dns/dns-host.c (getanswer_r): Cleanup out-of-buffer handling.

Index: resolv/nss_dns/dns-host.c =================================================================== RCS file: /work/cvs/gnu/glibc-2.1/resolv/nss_dns/dns-host.c,v retrieving revision 1.1.1.11 diff -u -p -r1.1.1.11 dns-host.c --- resolv/nss_dns/dns-host.c 1999/06/17 15:38:20 1.1.1.11 +++ resolv/nss_dns/dns-host.c 1999/08/10 14:32:58 @@ -422,11 +422,7 @@ getanswer_r (const querybuf *answer, int if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1) { if (errno == EMSGSIZE) - { - *errnop = ERANGE; - *h_errnop = NETDB_INTERNAL; - return NSS_STATUS_TRYAGAIN; - } + goto too_small; n = -1; } @@ -473,7 +469,9 @@ getanswer_r (const querybuf *answer, int linebuflen -= n; /* Get canonical name. */ n = strlen (tbuf) + 1; /* For the \0. */ - if ((size_t) n > buflen || n >= MAXHOSTNAMELEN) + if ((size_t) n > linebuflen) + goto too_small; + if (n >= MAXHOSTNAMELEN) { ++had_error; continue; 
@@ -495,7 +493,9 @@ getanswer_r (const querybuf *answer, int cp += n; /* Get canonical name. */ n = strlen (tbuf) + 1; /* For the \0. */ - if ((size_t) n > buflen || n >= MAXHOSTNAMELEN) + if ((size_t) n > linebuflen) + goto too_small; + if (n >= MAXHOSTNAMELEN) { ++had_error; continue; @@ -539,11 +539,7 @@ getanswer_r (const querybuf *answer, int if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1) { if (errno == EMSGSIZE) - { - *errnop = ERANGE; - *h_errnop = NETDB_INTERNAL; - return NSS_STATUS_TRYAGAIN; - } + goto too_small; n = -1; } @@ -616,11 +612,8 @@ getanswer_r (const querybuf *answer, int linebuflen -= sizeof (align) - ((u_long) bp % sizeof (align)); bp += sizeof (align) - ((u_long) bp % sizeof (align)); - if (n >= linebuflen) - { - ++had_error; - continue; - } + if (n > linebuflen) + goto too_small; if (hap >= &host_data->h_addr_ptrs[MAX_NR_ADDRS-1]) { cp += n; @@ -655,11 +648,7 @@ getanswer_r (const querybuf *answer, int { n = strlen (qname) + 1; /* For the \0. */ if (n > linebuflen) - { - *errnop = ERANGE; - *h_errnop = NETDB_INTERNAL; - return NSS_STATUS_TRYAGAIN; - } + goto too_small; if (n >= MAXHOSTNAMELEN) goto no_recovery; result->h_name = bp;
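
Review bot: the `goto too_small;` introduced at @@ -422 (and again at @@ -539 and @@ -655) has no matching `too_small:` label in any hunk shown here, so as posted the patch either relies on a label already present in revision 1.1.1.11 or does not compile. Please include the hunk that defines the label, and make sure it does exactly what the removed blocks did (`*errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN;`), since callers of the reentrant lookup functions depend on ERANGE to retry with a larger buffer.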
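
Review bot: in the @@ -473 and @@ -495 hunks the new test `(size_t) n > linebuflen` mixes an unsigned operand with linebuflen, which the uncast `n > linebuflen` comparisons at @@ -616 and @@ -655 suggest is a signed int. If linebuflen has dropped below zero after the preceding `linebuflen -= n;`, the comparison converts it to a very large unsigned value, the test is false, and the too_small path is skipped exactly when the buffer is exhausted. Drop the cast so the comparison is signed like the other hunks, or test `linebuflen <= 0` first. Replacing buflen (the whole buffer) with linebuflen (what remains) is the right bound; the signedness is the only concern here.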
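
Review bot: at @@ -616 the bound changes from `n >= linebuflen` to `n > linebuflen`, so a record that fills the remaining buffer exactly is now accepted, and an oversized record that used to be skipped (`++had_error; continue;`) now fails the whole call through too_small. Both are behaviour changes that the ChangeLog entry ("Cleanup out-of-buffer handling") does not mention. Please confirm that nothing written at bp after this test needs a spare byte when n == linebuflen, and record the off-by-one change and the skip-to-fail change in the log. The alignment adjustment in the context lines subtracts from linebuflen just before this test, so the test also has to behave correctly when linebuflen is already negative.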