AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-01-03 08:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

[BZ #4381]

Browse Source 
* nss/nss_files/files-hosts.c (HOST_DB_LOOKUP): Ensure sufficient
	alignment of buffer and tmp_buffer.
	* nis/nss_nis/nis-hosts.c (internal_nis_gethostent_r,
	internal_gethostbyname2_r, _nss_nis_gethostbyaddr_r): Ensure sufficient
	alignment of buffer.
	* resolv/nss_dns/dns-hosts.c (getanswer_r): Likewise.  Handle buflen
	bigger than INT_MAX.
	* resolv/nss_dns/dns-network.c (getanswer_r): Likewise.  Add errnop and
	h_errnop arguments.  Fail if buflen is too small.
	(_nss_dns_getnetbyname_r, _nss_dns_getnetbyaddr_r): Adjust callers.

2007-04-23  Jakub Jelinek  <jakub@redhat.com>
This commit is contained in:
Ulrich Drepper 2007-04-23 15:17:21 +00:00
parent a15ccd8f07
commit 2f1687b96b
4 changed files with 69 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ChangeLog
View File

@ -1,3 +1,17 @@
2007-04-23 Jakub Jelinek <jakub@redhat.com>
[BZ #4381]
* nss/nss_files/files-hosts.c (HOST_DB_LOOKUP): Ensure sufficient
alignment of buffer and tmp_buffer.
* nis/nss_nis/nis-hosts.c (internal_nis_gethostent_r,
internal_gethostbyname2_r, _nss_nis_gethostbyaddr_r): Ensure sufficient
alignment of buffer.
* resolv/nss_dns/dns-hosts.c (getanswer_r): Likewise. Handle buflen
bigger than INT_MAX.
* resolv/nss_dns/dns-network.c (getanswer_r): Likewise. Add errnop and
h_errnop arguments. Fail if buflen is too small.
(_nss_dns_getnetbyname_r, _nss_dns_getnetbyaddr_r): Adjust callers.
2007-04-23 Jakub Jelinek <jakub@redhat.com> 2007-04-23 Jakub Jelinek <jakub@redhat.com>
[BZ #4405] [BZ #4405]

20
nis/nss_nis/nis-hosts.c
View File

@ -1,4 +1,4 @@
/* Copyright (C) 1996-2000, 2002, 2003, 2006 Free Software Foundation, Inc. /* Copyright (C) 1996-2000, 2002, 2003, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library. This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996. Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
@ -134,13 +134,17 @@ internal_nis_gethostent_r (struct hostent *host, char *buffer,
if (__builtin_expect (yp_get_default_domain (&domain), 0)) if (__builtin_expect (yp_get_default_domain (&domain), 0))
return NSS_STATUS_UNAVAIL; return NSS_STATUS_UNAVAIL;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
buffer += pad;
struct parser_data *data = (void *) buffer; struct parser_data *data = (void *) buffer;
if (__builtin_expect (buflen < sizeof *data + 1, 0)) if (__builtin_expect (buflen < sizeof *data + 1 + pad, 0))
{ {
*errnop = ERANGE; *errnop = ERANGE;
*h_errnop = NETDB_INTERNAL; *h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN; return NSS_STATUS_TRYAGAIN;
} }
buflen -= pad;
/* Get the next entry until we found a correct one. */ /* Get the next entry until we found a correct one. */
const size_t linebuflen = buffer + buflen - data->linebuffer; const size_t linebuflen = buffer + buflen - data->linebuffer;
@ -234,6 +238,9 @@ internal_gethostbyname2_r (const char *name, int af, struct hostent *host,
char *buffer, size_t buflen, int *errnop, char *buffer, size_t buflen, int *errnop,
int *h_errnop, int flags) int *h_errnop, int flags)
{ {
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
buffer += pad;
struct parser_data *data = (void *) buffer; struct parser_data *data = (void *) buffer;
if (name == NULL) if (name == NULL)
@ -246,12 +253,13 @@ internal_gethostbyname2_r (const char *name, int af, struct hostent *host,
if (yp_get_default_domain (&domain)) if (yp_get_default_domain (&domain))
return NSS_STATUS_UNAVAIL; return NSS_STATUS_UNAVAIL;
if (buflen < sizeof *data + 1) if (buflen < sizeof *data + 1 + pad)
{ {
*h_errnop = NETDB_INTERNAL; *h_errnop = NETDB_INTERNAL;
*errnop = ERANGE; *errnop = ERANGE;
return NSS_STATUS_TRYAGAIN; return NSS_STATUS_TRYAGAIN;
} }
buflen -= pad;
/* Convert name to lowercase. */ /* Convert name to lowercase. */
size_t namlen = strlen (name); size_t namlen = strlen (name);
@ -352,13 +360,17 @@ _nss_nis_gethostbyaddr_r (const void *addr, socklen_t addrlen, int af,
if (__builtin_expect (yp_get_default_domain (&domain), 0)) if (__builtin_expect (yp_get_default_domain (&domain), 0))
return NSS_STATUS_UNAVAIL; return NSS_STATUS_UNAVAIL;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
buffer += pad;
struct parser_data *data = (void *) buffer; struct parser_data *data = (void *) buffer;
if (__builtin_expect (buflen < sizeof *data + 1, 0)) if (__builtin_expect (buflen < sizeof *data + 1 + pad, 0))
{ {
*errnop = ERANGE; *errnop = ERANGE;
*h_errnop = NETDB_INTERNAL; *h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN; return NSS_STATUS_TRYAGAIN;
} }
buflen -= pad;
char *buf = inet_ntoa (*(const struct in_addr *) addr); char *buf = inet_ntoa (*(const struct in_addr *) addr);

15
resolv/nss_dns/dns-host.c
View File

@ -1,4 +1,4 @@
/* Copyright (C) 1996-2003, 2004 Free Software Foundation, Inc. /* Copyright (C) 1996-2003, 2004, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library. This file is part of the GNU C Library.
Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996. Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
@ -465,8 +465,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
char *aliases[MAX_NR_ALIASES]; char *aliases[MAX_NR_ALIASES];
unsigned char host_addr[16]; /* IPv4 or IPv6 */ unsigned char host_addr[16]; /* IPv4 or IPv6 */
char *h_addr_ptrs[0]; char *h_addr_ptrs[0];
} *host_data = (struct host_data *) buffer; } *host_data;
int linebuflen = buflen - sizeof (struct host_data); int linebuflen;
register const HEADER *hp; register const HEADER *hp;
const u_char *end_of_message, *cp; const u_char *end_of_message, *cp;
int n, ancount, qdcount; int n, ancount, qdcount;
@ -478,8 +478,9 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
u_char packtmp[NS_MAXCDNAME]; u_char packtmp[NS_MAXCDNAME];
int have_to_map = 0; int have_to_map = 0;
int32_t ttl = 0; int32_t ttl = 0;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
if (__builtin_expect (linebuflen, 0) < 0) buffer += pad;
if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
{ {
/* The buffer is too small. */ /* The buffer is too small. */
too_small: too_small:
@ -487,6 +488,10 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
*h_errnop = NETDB_INTERNAL; *h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN; return NSS_STATUS_TRYAGAIN;
} }
host_data = (struct host_data *) buffer;
linebuflen = buflen - sizeof (struct host_data);
if (buflen - sizeof (struct host_data) != linebuflen)
linebuflen = INT_MAX;
tname = qname; tname = qname;
result->h_name = NULL; result->h_name = NULL;

43
resolv/nss_dns/dns-network.c
View File

@ -1,4 +1,4 @@
/* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004 /* Copyright (C) 1996, 1997, 1998, 1999, 2002, 2004, 2007
Free Software Foundation, Inc. Free Software Foundation, Inc.
This file is part of the GNU C Library. This file is part of the GNU C Library.
Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996. Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
@ -102,7 +102,8 @@ extern int __ns_name_unpack (const u_char *, const u_char *,
/* Prototypes for local functions. */ /* Prototypes for local functions. */
static enum nss_status getanswer_r (const querybuf *answer, int anslen, static enum nss_status getanswer_r (const querybuf *answer, int anslen,
struct netent *result, char *buffer, struct netent *result, char *buffer,
size_t buflen, lookup_method net_i); size_t buflen, int *errnop, int *h_errnop,
lookup_method net_i);
enum nss_status enum nss_status
@ -142,7 +143,8 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result,
? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND; ? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
} }
status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYNAME); status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
errnop, herrnop, BYNAME);
if (net_buffer.buf != orig_net_buffer) if (net_buffer.buf != orig_net_buffer)
free (net_buffer.buf); free (net_buffer.buf);
return status; return status;
@ -218,7 +220,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result,
? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND; ? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
} }
status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen, BYADDR); status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
errnop, herrnop, BYADDR);
if (net_buffer.buf != orig_net_buffer) if (net_buffer.buf != orig_net_buffer)
free (net_buffer.buf); free (net_buffer.buf);
if (status == NSS_STATUS_SUCCESS) if (status == NSS_STATUS_SUCCESS)
@ -240,7 +243,8 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result,
static enum nss_status static enum nss_status
getanswer_r (const querybuf *answer, int anslen, struct netent *result, getanswer_r (const querybuf *answer, int anslen, struct netent *result,
char *buffer, size_t buflen, lookup_method net_i) char *buffer, size_t buflen, int *errnop, int *h_errnop,
lookup_method net_i)
{ {
/* /*
* Find first satisfactory answer * Find first satisfactory answer
@ -260,8 +264,25 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
{ {
char *aliases[MAX_NR_ALIASES]; char *aliases[MAX_NR_ALIASES];
char linebuffer[0]; char linebuffer[0];
} *net_data = (struct net_data *) buffer; } *net_data;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct net_data);
buffer += pad;
if (__builtin_expect (buflen < sizeof (*net_data) + pad, 0))
{
/* The buffer is too small. */
too_small:
*errnop = ERANGE;
*h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN;
}
buflen -= pad;
net_data = (struct net_data *) buffer;
int linebuflen = buflen - offsetof (struct net_data, linebuffer); int linebuflen = buflen - offsetof (struct net_data, linebuffer);
if (buflen - offsetof (struct net_data, linebuffer) != linebuflen)
linebuflen = INT_MAX;
const unsigned char *end_of_message = &answer->buf[anslen]; const unsigned char *end_of_message = &answer->buf[anslen];
const HEADER *header_pointer = &answer->hdr; const HEADER *header_pointer = &answer->hdr;
/* #/records in the answer section. */ /* #/records in the answer section. */
@ -319,10 +340,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1) if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{ {
if (errno == EMSGSIZE) if (errno == EMSGSIZE)
{ goto too_small;
errno = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
n = -1; n = -1;
} }
@ -346,10 +364,7 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1) if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{ {
if (errno == EMSGSIZE) if (errno == EMSGSIZE)
{ goto too_small;
errno = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
n = -1; n = -1;
} }