summaryrefslogtreecommitdiff
path: root/lib/libc
diff options
context:
space:
mode:
authorVincent Labrecque <vincent@cvs.openbsd.org>2003-06-27 22:23:06 +0000
committerVincent Labrecque <vincent@cvs.openbsd.org>2003-06-27 22:23:06 +0000
commit296cbf159132ef463ecc2082584f7beb640b26b6 (patch)
tree5608728fbd4837f9dbc8cc757a224bea11cce121 /lib/libc
parentd53965e651f0aab441f9859fd1d7cc0e48db8798 (diff)
ensure we stay within the boundaries of our packet
ok itojun
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/net/gethostnamadr.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/lib/libc/net/gethostnamadr.c b/lib/libc/net/gethostnamadr.c
index 55244394687..0be63bec835 100644
--- a/lib/libc/net/gethostnamadr.c
+++ b/lib/libc/net/gethostnamadr.c
@@ -48,7 +48,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.56 2003/06/02 20:18:35 millert Exp $";
+static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.57 2003/06/27 22:23:05 vincent Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@@ -157,15 +157,12 @@ getanswer(answer, anslen, qname, qtype)
int qtype;
{
struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
- register const HEADER *hp;
- register const u_char *cp;
- register int n;
- const u_char *eom;
- char *bp, **ap, **hap, *ep;
- int type, class, ancount, qdcount;
- int haveanswer, had_error;
- int toobig = 0;
+ const HEADER *hp;
+ const u_char *cp, *eom;
char tbuf[MAXDNAME];
+ char *bp, **ap, **hap, *ep;
+ int type, class, ancount, qdcount, n;
+ int haveanswer, had_error, toobig = 0;
const char *tname;
int (*name_ok)(const char *);
@@ -234,12 +231,20 @@ getanswer(answer, anslen, qname, qtype)
continue;
}
cp += n; /* name */
+ if (cp > eom)
+ break;
type = _getshort(cp);
- cp += INT16SZ; /* type */
+ cp += INT16SZ; /* type */
+ if (cp > eom)
+ break;
class = _getshort(cp);
cp += INT16SZ + INT32SZ; /* class, TTL */
+ if (cp > eom)
+ break;
n = _getshort(cp);
cp += INT16SZ; /* len */
+ if (cp > eom)
+ break;
if (type == T_SIG) {
/* XXX - ignore signatures as we don't use them yet */
cp += n;