author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-06-26 06:01:17 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-06-26 06:01:17 +0000 |
commit | 3582dcab3a1f368876231dad9d11e0beb074cffc (patch) | |
tree | 6e1e8820a87326c9f4b8b003f79d1f9c42b39214 /lib/libc | |
parent | e40c48d42917506d1a5e208a35251c588f4f104d (diff) |
correct bad practice in the code - it uses two changing variables
to manage buffer (buf and buflen). we eliminate buflen and use
fixed point (ep) as the ending pointer.
this fix is NOT critical.
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/net/getaddrinfo.c | 17 | ||||
-rw-r--r-- | lib/libc/net/res_mkquery.c | 31 |
2 files changed, 22 insertions, 26 deletions
diff --git a/lib/libc/net/getaddrinfo.c b/lib/libc/net/getaddrinfo.c
index d16900b4a0e..3f4d9164863 100644
--- a/lib/libc/net/getaddrinfo.c
+++ b/lib/libc/net/getaddrinfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getaddrinfo.c,v 1.33 2002/02/17 19:42:23 millert Exp $ */
+/* $OpenBSD: getaddrinfo.c,v 1.34 2002/06/26 06:01:16 itojun Exp $ */
 /* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */
 /*
@@ -1031,8 +1031,8 @@ getanswer(answer, anslen, qname, qtype, pai)
 const u_char *cp;
 int n;
 const u_char *eom;
- char *bp;
- int type, class, buflen, ancount, qdcount;
+ char *bp, *ep;
+ int type, class, ancount, qdcount;
 int haveanswer, had_error;
 char tbuf[MAXDNAME];
 int (*name_ok)(const char *);
@@ -1059,13 +1059,13 @@ getanswer(answer, anslen, qname, qtype, pai)
 ancount = ntohs(hp->ancount);
 qdcount = ntohs(hp->qdcount);
 bp = hostbuf;
- buflen = sizeof hostbuf;
+ ep = hostbuf + sizeof hostbuf;
 cp = answer->buf + HFIXEDSZ;
 if (qdcount != 1) {
 h_errno = NO_RECOVERY;
 return (NULL);
 }
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 if ((n < 0) || !(*name_ok)(bp)) {
 h_errno = NO_RECOVERY;
 return (NULL);
@@ -1083,14 +1083,13 @@ getanswer(answer, anslen, qname, qtype, pai)
 }
 canonname = bp;
 bp += n;
- buflen -= n;
 /* The qname can be abbreviated, but h_name is now absolute. */
 qname = canonname;
 }
 haveanswer = 0;
 had_error = 0;
 while (ancount-- > 0 && cp < eom && !had_error) {
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 if ((n < 0) || !(*name_ok)(bp)) {
 had_error++;
 continue;
@@ -1117,14 +1116,13 @@ getanswer(answer, anslen, qname, qtype, pai)
 cp += n;
 /* Get canonical name. */
 n = strlen(tbuf) + 1; /* for the \0 */
- if (n > buflen || n >= MAXHOSTNAMELEN) {
+ if (n > ep - bp || n >= MAXHOSTNAMELEN) {
 had_error++;
 continue;
 }
 strcpy(bp, tbuf);
 canonname = bp;
 bp += n;
- buflen -= n;
 continue;
 }
 if (qtype == T_ANY) {
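Review bot: In the "Get canonical name" path of the @@ -1117 hunk, `strcpy(bp, tbuf)` is bounded only by the separate `n > ep - bp` test above it, so the copy stays safe only while that test remains in place and unchanged. Since `n` already holds `strlen(tbuf) + 1`, writing the copy as `memcpy(bp, tbuf, n);` would tie it to the length that was just checked. A one-line comment at `ep = hostbuf + sizeof hostbuf;` in the @@ -1059 hunk, such as `/* ep is fixed; remaining space is always ep - bp */`, would record the invariant this commit introduces. getanswer() starts and ends outside these hunks.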
@@ -1164,7 +1162,6 @@ getanswer(answer, anslen, qname, qtype, pai)
 canonname = bp;
 nn = strlen(bp) + 1; /* for the \0 */
 bp += nn;
- buflen -= nn;
 }
 /* don't overwrite pai */
diff --git a/lib/libc/net/res_mkquery.c b/lib/libc/net/res_mkquery.c
index e414b5060d9..6e57ec32178 100644
--- a/lib/libc/net/res_mkquery.c
+++ b/lib/libc/net/res_mkquery.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */
+/* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */
 /*
 * ++Copyright++ 1985, 1993
@@ -60,7 +60,7 @@
 static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93";
 static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $";
+static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
@@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 int buflen; /* size of buffer */
 {
 register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
 register int n;
 u_char *dnptrs[20], **dpp, **lastdnptr;
@@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 hp->rd = (_res.options & RES_RECURSE) != 0;
 hp->rcode = NOERROR;
 cp = buf + HFIXEDSZ;
- buflen -= HFIXEDSZ;
+ ep = buf + buflen;
 dpp = dnptrs;
 *dpp++ = buf;
 *dpp++ = NULL;
@@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 switch (op) {
 case QUERY: /*FALLTHROUGH*/
 case NS_NOTIFY_OP:
- if ((buflen -= QFIXEDSZ) < 0)
+ if (ep - cp < QFIXEDSZ)
 return (-1);
- if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
+ if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs,
+ lastdnptr)) < 0)
 return (-1);
 cp += n;
- buflen -= n;
 __putshort(type, cp);
 cp += INT16SZ;
 __putshort(class, cp);
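Review bot: The `- QFIXEDSZ` in `dn_comp(dname, cp, ep - cp - QFIXEDSZ, ...)` in the QUERY/NS_NOTIFY_OP case of the @@ -133 hunk has no comment explaining it, whereas the old `buflen -= QFIXEDSZ` made the reservation a visible step. The subtraction appears to hold back room for the type and class fields that the two `__putshort()` calls write right after the compressed name, and the preceding `ep - cp < QFIXEDSZ` test is what keeps the length handed to dn_comp() from going negative. I would add `/* leave QFIXEDSZ bytes for TYPE and CLASS, written after the name */` above the call. The same applies to the `ep - cp - RRFIXEDSZ` call in the @@ -149 hunk. The switch continues outside this hunk.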
@@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 /*
 * Make an additional record for completion domain.
 */
- buflen -= RRFIXEDSZ;
- n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr);
+ if (ep - cp < RRFIXEDSZ)
+ return (-1);
+ n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs,
+ lastdnptr);
 if (n < 0)
 return (-1);
 cp += n;
- buflen -= n;
 __putshort(T_NULL, cp);
 cp += INT16SZ;
 __putshort(class, cp);
@@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 /*
 * Initialize answer section
 */
- if (buflen < 1 + RRFIXEDSZ + datalen)
+ if (ep - cp < 1 + RRFIXEDSZ + datalen)
 return (-1);
 *cp++ = '\0'; /* no domain name */
 __putshort(type, cp);
@@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen)
 int anslen; /* answer buffer length */
 {
 register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
 hp = (HEADER *) buf;
 cp = buf + n0;
- buflen -= n0;
+ ep = buf + buflen;
- if (buflen < 1 + RRFIXEDSZ)
+ if (ep - cp < 1 + RRFIXEDSZ)
 return -1;
 *cp++ = 0; /* "." */
- buflen--;
 __putshort(T_OPT, cp); /* TYPE */
 cp += INT16SZ;
@@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen)
 __putshort(0, cp); /* RDLEN */
 cp += INT16SZ;
 hp->arcount = htons(ntohs(hp->arcount) + 1);
- buflen -= RRFIXEDSZ;
 return cp - buf;
 } |
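Review bot: The bound in the @@ -170 hunk, `if (ep - cp < 1 + RRFIXEDSZ + datalen)`, still trusts `datalen`. The right-hand side is computed in `int`, so a negative `datalen` shrinks it and the test passes, and a very large value overflows the addition. The code that consumes `datalen` lies outside this hunk, so whether a caller can reach that is not visible here. Rejecting it at the check is cheap and avoids the arithmetic on the untrusted side: `if (datalen < 0 || datalen > ep - cp - 1 - RRFIXEDSZ) return (-1);`.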
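Review bot: In res_opt() (@@ -203 hunk), `cp = buf + n0` is formed before `n0` is validated, and the new test `ep - cp < 1 + RRFIXEDSZ` only rejects an `n0` that is too large. A negative `n0` makes `ep - cp` large, the test passes, and `*cp++ = 0` would then write before `buf`. Callers are not visible on this page, so this may be unreachable in practice, but a guard ahead of the pointer arithmetic would make the function self-contained: `if (n0 < 0 || n0 > buflen) return -1;`. With that in place both `cp` and `ep` are known to point into or one past `buf` before they are subtracted.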