Diffstat (limited to 'lib/libc/net')
-rw-r--r-- | lib/libc/net/getaddrinfo.c | 17 | ||||
-rw-r--r-- | lib/libc/net/res_mkquery.c | 31 |
2 files changed, 22 insertions, 26 deletions
diff --git a/lib/libc/net/getaddrinfo.c b/lib/libc/net/getaddrinfo.c
index d16900b4a0e..3f4d9164863 100644
--- a/lib/libc/net/getaddrinfo.c
+++ b/lib/libc/net/getaddrinfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getaddrinfo.c,v 1.33 2002/02/17 19:42:23 millert Exp $ */
+/* $OpenBSD: getaddrinfo.c,v 1.34 2002/06/26 06:01:16 itojun Exp $ */
 /* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */
 /*
@@ -1031,8 +1031,8 @@ getanswer(answer, anslen, qname, qtype, pai)
 const u_char *cp;
 int n;
 const u_char *eom;
- char *bp;
- int type, class, buflen, ancount, qdcount;
+ char *bp, *ep;
+ int type, class, ancount, qdcount;
 int haveanswer, had_error;
 char tbuf[MAXDNAME];
 int (*name_ok)(const char *);
@@ -1059,13 +1059,13 @@ getanswer(answer, anslen, qname, qtype, pai)
 ancount = ntohs(hp->ancount);
 qdcount = ntohs(hp->qdcount);
 bp = hostbuf;
- buflen = sizeof hostbuf;
+ ep = hostbuf + sizeof hostbuf;
 cp = answer->buf + HFIXEDSZ;
 if (qdcount != 1) {
 h_errno = NO_RECOVERY;
 return (NULL);
 }
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 if ((n < 0) || !(*name_ok)(bp)) {
 h_errno = NO_RECOVERY;
 return (NULL);
@@ -1083,14 +1083,13 @@ getanswer(answer, anslen, qname, qtype, pai)
 }
 canonname = bp;
 bp += n;
- buflen -= n;
 /* The qname can be abbreviated, but h_name is now absolute. */
 qname = canonname;
 }
 haveanswer = 0;
 had_error = 0;
 while (ancount-- > 0 && cp < eom && !had_error) {
- n = dn_expand(answer->buf, eom, cp, bp, buflen);
+ n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 if ((n < 0) || !(*name_ok)(bp)) {
 had_error++;
 continue;
@@ -1117,14 +1116,13 @@ getanswer(answer, anslen, qname, qtype, pai)
 cp += n;
 /* Get canonical name. */
 n = strlen(tbuf) + 1; /* for the \0 */
- if (n > buflen || n >= MAXHOSTNAMELEN) {
+ if (n > ep - bp || n >= MAXHOSTNAMELEN) {
 had_error++;
 continue;
 }
 strcpy(bp, tbuf);
 canonname = bp;
 bp += n;
- buflen -= n;
 continue;
 }
 if (qtype == T_ANY) {
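Review bot: In the @@ -1117 hunk the `strcpy(bp, tbuf)` kept as context still has no bound of its own; it is safe only because of the rewritten `n > ep - bp` test a few lines above it. Since the commit derives every other limit from `ep`, the copy could carry the same limit, for example `strlcpy(bp, tbuf, ep - bp);`, so that a later edit to the check cannot silently turn this into a write past the end of hostbuf. The test also compares an `int` (`n`) with a pointer difference, which works here but deserves a short comment such as `/* ep - bp: bytes left in hostbuf */`. getanswer's body starts and ends outside the hunk.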
@@ -1164,7 +1162,6 @@ getanswer(answer, anslen, qname, qtype, pai)
 canonname = bp;
 nn = strlen(bp) + 1; /* for the \0 */
 bp += nn;
- buflen -= nn;
 }
 /* don't overwrite pai */
diff --git a/lib/libc/net/res_mkquery.c b/lib/libc/net/res_mkquery.c
index e414b5060d9..6e57ec32178 100644
--- a/lib/libc/net/res_mkquery.c
+++ b/lib/libc/net/res_mkquery.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $ */
+/* $OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $ */
 /*
 * ++Copyright++ 1985, 1993
@@ -60,7 +60,7 @@
 static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93";
 static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $";
+static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.11 2002/06/26 06:01:16 itojun Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
@@ -91,7 +91,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 int buflen; /* size of buffer */
 {
 register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
 register int n;
 u_char *dnptrs[20], **dpp, **lastdnptr;
@@ -122,7 +122,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 hp->rd = (_res.options & RES_RECURSE) != 0;
 hp->rcode = NOERROR;
 cp = buf + HFIXEDSZ;
- buflen -= HFIXEDSZ;
+ ep = buf + buflen;
 dpp = dnptrs;
 *dpp++ = buf;
 *dpp++ = NULL;
@@ -133,12 +133,12 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 switch (op) {
 case QUERY: /*FALLTHROUGH*/
 case NS_NOTIFY_OP:
- if ((buflen -= QFIXEDSZ) < 0)
+ if (ep - cp < QFIXEDSZ)
 return (-1);
- if ((n = dn_comp(dname, cp, buflen, dnptrs, lastdnptr)) < 0)
+ if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs,
+ lastdnptr)) < 0)
 return (-1);
 cp += n;
- buflen -= n;
 __putshort(type, cp);
 cp += INT16SZ;
 __putshort(class, cp);
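Review bot: `ep = buf + buflen;` in the @@ -122 hunk forms an end pointer from a caller-supplied length before any visible line has validated it, and the res_opt hunk at @@ -203 does the same with `cp = buf + n0;` and `ep = buf + buflen;`. The old integer bookkeeping stayed well defined for a negative length or an `n0` larger than `buflen`, whereas computing a pointer outside the caller's buffer is undefined behaviour, so the later `ep - cp < ...` comparisons are reliable only if the arguments were already sane. If no entry check exists above these hunks (not visible here), res_opt could begin with `if (n0 < 0 || n0 > buflen) return -1;` and res_mkquery with an equivalent `buflen < HFIXEDSZ` test ahead of the pointer arithmetic. Both function bodies extend outside the hunks.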
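Review bot: The length passed to dn_comp in the @@ -133 hunk, `ep - cp - QFIXEDSZ`, quietly reserves room for the type and class that `__putshort` writes after the name, and nothing in the code says so; the @@ -149 hunk repeats the pattern with `RRFIXEDSZ`. A comment above each call, for instance `/* keep QFIXEDSZ bytes free for the type and class that follow the name */`, would stop a later cleanup from reducing the argument to `ep - cp` and reintroducing a write past the caller's buffer. The expression is also a pointer difference narrowed to dn_comp's length parameter, presumably an `int`; that is harmless while `buflen` is itself an `int`, but it is worth a word in the same comment. The switch these lines belong to continues outside the hunk.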
@@ -149,12 +149,13 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 /*
 * Make an additional record for completion domain.
 */
- buflen -= RRFIXEDSZ;
- n = dn_comp((char *)data, cp, buflen, dnptrs, lastdnptr);
+ if (ep - cp < RRFIXEDSZ)
+ return (-1);
+ n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs,
+ lastdnptr);
 if (n < 0)
 return (-1);
 cp += n;
- buflen -= n;
 __putshort(T_NULL, cp);
 cp += INT16SZ;
 __putshort(class, cp);
@@ -170,7 +171,7 @@ res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen)
 /*
 * Initialize answer section
 */
- if (buflen < 1 + RRFIXEDSZ + datalen)
+ if (ep - cp < 1 + RRFIXEDSZ + datalen)
 return (-1);
 *cp++ = '\0'; /* no domain name */
 __putshort(type, cp);
@@ -203,17 +204,16 @@ res_opt(n0, buf, buflen, anslen)
 int anslen; /* answer buffer length */
 {
 register HEADER *hp;
- register u_char *cp;
+ register u_char *cp, *ep;
 hp = (HEADER *) buf;
 cp = buf + n0;
- buflen -= n0;
+ ep = buf + buflen;
- if (buflen < 1 + RRFIXEDSZ)
+ if (ep - cp < 1 + RRFIXEDSZ)
 return -1;
 *cp++ = 0; /* "." */
- buflen--;
 __putshort(T_OPT, cp); /* TYPE */
 cp += INT16SZ;
@@ -235,7 +235,6 @@ res_opt(n0, buf, buflen, anslen)
 __putshort(0, cp); /* RDLEN */
 cp += INT16SZ;
 hp->arcount = htons(ntohs(hp->arcount) + 1);
- buflen -= RRFIXEDSZ;
 return cp - buf;
 }
|
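Review bot: The rewritten guard in the @@ -170 hunk, `if (ep - cp < 1 + RRFIXEDSZ + datalen)`, trusts `datalen`: a negative value makes the required size smaller than the fixed part of the record, so the check can pass with less room than the header needs, and a very large value can overflow the addition if datalen is an `int` like buflen. Nothing visible in this hunk rejects such a value, and whatever copies `data` after the header lies outside it. Unless datalen is validated earlier in res_mkquery, the test could read `if (datalen < 0 || ep - cp < 1 + RRFIXEDSZ || datalen > ep - cp - 1 - RRFIXEDSZ)`, which keeps every intermediate result in range.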