fluencelabs/musl
1
0
Fork 0
mirror of https://github.com/fluencelabs/musl synced 2025-06-24 12:12:04 +00:00
Code Issues Projects Releases Wiki Activity

fix off-by-one in checking hostname length in new resolver backend

Browse Source 
this bug was introduced in the recent resolver overhaul commits. it
likely had visible symptoms. these were probably limited to wrongly
accepting truncated versions of over-long names (vs rejecting them),
as opposed to stack-based overflows or anything more severe, but no
extensive checks were made. there have been no releases where this bug
was present.
This commit is contained in:
Rich Felker
2014-06-02 01:31:28 -04:00
parent af7c308ee6
commit bb9af59bba
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/network/lookup_name.c
View File

@ -14,7 +14,7 @@
static int is_valid_hostname(const char *host) static int is_valid_hostname(const char *host)
{ {
const unsigned char *s; const unsigned char *s;
if (strnlen(host, 255)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0; if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++); for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
return !*s; return !*s;
} }
@ -119,7 +119,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
*canon = 0; *canon = 0;
if (name) { if (name) {
size_t l; size_t l;
if ((l = strnlen(name, 255))-1 > 254) if ((l = strnlen(name, 256))-1 > 254)
return EAI_NONAME; return EAI_NONAME;
memcpy(canon, name, l+1); memcpy(canon, name, l+1);
} }