summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-06-26 06:01:17 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-06-26 06:01:17 +0000
commit3582dcab3a1f368876231dad9d11e0beb074cffc (patch)
tree6e1e8820a87326c9f4b8b003f79d1f9c42b39214
parente40c48d42917506d1a5e208a35251c588f4f104d (diff)
correct bad practice in the code - it uses two changing variables
to manage buffer (buf and buflen). we eliminate buflen and use fixed point (ep) as the ending pointer. this fix is NOT critical.
-rw-r--r--lib/libc/net/getaddrinfo.c17
-rw-r--r--lib/libc/net/res_mkquery.c31
2 files changed, 22 insertions, 26 deletions
diff --git a/lib/libc/net/getaddrinfo.c b/lib/libc/net/getaddrinfo.c
index d16900b4a0e..3f4d9164863 100644
--- a/lib/libc/net/getaddrinfo.c
+++ b/lib/libc/net/getaddrinfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getaddrinfo.c,v 1.33 2002/02/17 19:42:23 millert Exp $ */
+/* $OpenBSD: getaddrinfo.c,v 1.34 2002/06/26 06:01:16 itojun Exp $ */
/* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */
/*
@@ -1031,8 +1031,8 @@ getanswer(answer, anslen, qname, qtype, pai)
const u_char *cp;
int n;
const u_char *eom;
- char *bp;
- int type, class, buflen, ancount, qdcount;
+ char *bp, *ep;
+ int type, class, ancount, qdcount;
int haveanswer, had_error;
char tbuf[MAXDNAME];
int (*name_ok)(const char *);
@@ -1059,13 +1059,13 @@ getanswer(answer, anslen, qname, qtype, pai)
ancount = ntohs(hp->ancount);
qdcount = ntohs(hp->qdcount);
bp = hostbuf;
- buflen = sizeof hostbuf;
+ ep = hostbuf + sizeof hostbuf;
cp = answer->buf + HFIXEDSZ;
if (qdcount != 1) {
h_errno = NO_RECOVERY;
return (NULL);
}
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
if ((n < 0) || !(*name_ok)(bp)) {
h_errno = NO_RECOVERY;
return (NULL);
@@ -1083,14 +1083,13 @@ getanswer(answer, anslen, qname, qtype, pai)
}
canonname = bp;
bp += n;
- buflen -= n;
/* The qname can be abbreviated, but h_name is now absolute. */
qname = canonname;
}
haveanswer = 0;
had_error = 0;
while (ancount-- > 0 && cp < eom && !had_error) {
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
if ((n < 0) || !(*name_ok)(bp)) {
had_error++;
continue;
@@ -1117,14 +1116,13 @@ getanswer(answer, anslen, qname, qtype, pai)
cp += n;
/* Get canonical name. */
n = strlen(tbuf) + 1; /* for the \0 */
- if (n > buflen || n >= MAXHOSTNAMELEN) {
+ if (n > ep - bp || n >= MAXHOSTNAMELEN) {
had_error++;
continue;
}
strcpy(bp, tbuf);
canonname = bp;
bp += n;
- buflen -= n;
continue;
}
if (qtype == T_ANY) {
@@ -1164,7 +1162,6 @@ getanswer(answer, anslen, qname, qtype, pai)
canonname = bp;
nn = strlen(bp) + 1; /* for the \0 */
bp += nn;
- buflen -= nn;
}
/* don't overwrite pai */
diff --git a/lib/libc/net/res_mkquery.c b/lib/libc/net/res_mkquery.c
index e414b5060d9..6e57ec32178 100644
--- a/lib/libc/net/res_mkquery.c
+++ b/lib/libc/net/res_mkquery.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */
+/* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */
/*
* ++Copyright++ 1985, 1993
@@ -60,7 +60,7 @@
static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93";
static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $";
#else
-static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $";
+static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
@@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
int buflen; /* size of buffer */
{
register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
register int n;
u_char *dnptrs[20], **dpp, **lastdnptr;
@@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
hp->rd = (_res.options & RES_RECURSE) != 0;
hp->rcode = NOERROR;
cp = buf + HFIXEDSZ;
- buflen -= HFIXEDSZ;
+ ep = buf + buflen;
dpp = dnptrs;
*dpp++ = buf;
*dpp++ = NULL;
@@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
switch (op) {
case QUERY: /*FALLTHROUGH*/
case NS_NOTIFY_OP:
- if ((buflen -= QFIXEDSZ) < 0)
+ if (ep - cp < QFIXEDSZ)
return (-1);
- if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
+ if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs,
+ lastdnptr)) < 0)
return (-1);
cp += n;
- buflen -= n;
__putshort(type, cp);
cp += INT16SZ;
__putshort(class, cp);
@@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
/*
* Make an additional record for completion domain.
*/
- buflen -= RRFIXEDSZ;
- n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr);
+ if (ep - cp < RRFIXEDSZ)
+ return (-1);
+ n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs,
+ lastdnptr);
if (n < 0)
return (-1);
cp += n;
- buflen -= n;
__putshort(T_NULL, cp);
cp += INT16SZ;
__putshort(class, cp);
@@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
/*
* Initialize answer section
*/
- if (buflen < 1 + RRFIXEDSZ + datalen)
+ if (ep - cp < 1 + RRFIXEDSZ + datalen)
return (-1);
*cp++ = '\0'; /* no domain name */
__putshort(type, cp);
@@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen)
int anslen; /* answer buffer length */
{
register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
hp = (HEADER *) buf;
cp = buf + n0;
- buflen -= n0;
+ ep = buf + buflen;
- if (buflen < 1 + RRFIXEDSZ)
+ if (ep - cp < 1 + RRFIXEDSZ)
return -1;
*cp++ = 0; /* "." */
- buflen--;
__putshort(T_OPT, cp); /* TYPE */
cp += INT16SZ;
@@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen)
__putshort(0, cp); /* RDLEN */
cp += INT16SZ;
hp->arcount = htons(ntohs(hp->arcount) + 1);
- buflen -= RRFIXEDSZ;
return cp - buf;
}