From 533b5a4dc8a8bb1e1d4c8aab9d77e7933ba0ae22 Mon Sep 17 00:00:00 2001
From: Eric Faurot <eric@cvs.openbsd.org>
Date: Sun, 2 Nov 2014 13:59:17 +0000
Subject: Fix a NULL deref when getting an actual result for an invalid
 hostname in gethostbyname().  Similar fix for getnetbyname().

ok deraadt@ daniel@ jca@
---
 lib/libc/asr/gethostnamadr_async.c |  9 ++++-----
 lib/libc/asr/getnetnamadr_async.c  | 10 +++++-----
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/lib/libc/asr/gethostnamadr_async.c b/lib/libc/asr/gethostnamadr_async.c
index 82614f29cde..7d78e2bf2d0 100644
--- a/lib/libc/asr/gethostnamadr_async.c
+++ b/lib/libc/asr/gethostnamadr_async.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: gethostnamadr_async.c,v 1.31 2014/09/15 06:15:48 guenther Exp $	*/
+/*	$OpenBSD: gethostnamadr_async.c,v 1.32 2014/11/02 13:59:16 eric Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -357,13 +357,12 @@ gethostnamadr_async_run(struct asr_query *as, struct asr_result *ar)
 		}
 
 		/*
-		 * No address found in the dns packet. The blocking version
-		 * reports this as an error.
+		 * No valid hostname or address found in the dns packet.
+		 * Ignore it.
 		 */
 		if ((as->as_type == ASR_GETHOSTBYNAME &&
 		     h->h.h_addr_list[0] == NULL) ||
-		    (as->as_type == ASR_GETHOSTBYADDR &&
-		     h->h.h_name == NULL)) {
+		    h->h.h_name == NULL) {
 			free(h);
 			async_set_state(as, ASR_STATE_NEXT_DB);
 			break;
diff --git a/lib/libc/asr/getnetnamadr_async.c b/lib/libc/asr/getnetnamadr_async.c
index f31168ef005..42c371c37e0 100644
--- a/lib/libc/asr/getnetnamadr_async.c
+++ b/lib/libc/asr/getnetnamadr_async.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getnetnamadr_async.c,v 1.18 2014/09/15 06:15:48 guenther Exp $	*/
+/*	$OpenBSD: getnetnamadr_async.c,v 1.19 2014/11/02 13:59:16 eric Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -239,11 +239,11 @@ getnetnamadr_async_run(struct asr_query *as, struct asr_result *ar)
 			n->n.n_net = as->as.netnamadr.addr;
 
 		/*
-		 * No address found in the dns packet. The blocking version
-		 * reports this as an error.
+		 * No valid hostname or address found in the dns packet.
+		 * Ignore it.
 		 */
-		if (as->as_type == ASR_GETNETBYNAME && n->n.n_net == 0) {
-			 /* XXX wrong */
+		if ((as->as_type == ASR_GETNETBYNAME && n->n.n_net == 0) ||
+		    n->n.n_name == NULL) {
 			free(n);
 			async_set_state(as, ASR_STATE_NEXT_DB);
 			break;
-- 
cgit v1.2.3