AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-22 04:50:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

resolve: Remove __res_context_query alloca usage

Browse Source 
The bufsize on current Linux build is:

   size_t bufsize = (type == 439963904 ? 2 : 1) * (12 + 4 + 255 + 1);

So with upper bound as 544 (2 * (12 + 4 + 255 + 1)).  However, it might
increase to 2 * PACKETSIZE later with malloc.  The default scratch_buffer
should fullfill the most usual allocation requirement.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Joe Simmons-Talbott <josimmon@redhat.com>
This commit is contained in:
Adhemerval Zanella 2023-09-20 10:16:07 +00:00
parent 08e9a60a1a
commit 40c0add7d4
1 changed files with 22 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
resolv/res_query.c
View File

@ -80,6 +80,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <shlib-compat.h> #include <shlib-compat.h>
#include <scratch_buffer.h>
#if PACKETSZ > 65536 #if PACKETSZ > 65536
#define MAXPACKET PACKETSZ #define MAXPACKET PACKETSZ
@ -114,11 +115,14 @@ __res_context_query (struct resolv_context *ctx, const char *name,
struct __res_state *statp = ctx->resp; struct __res_state *statp = ctx->resp;
UHEADER *hp = (UHEADER *) answer; UHEADER *hp = (UHEADER *) answer;
UHEADER *hp2; UHEADER *hp2;
int n, use_malloc = 0; int n;
size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE; /* It requires 2 times QUERYSIZE for type == T_QUERY_A_AND_AAAA. */
u_char *buf = alloca (bufsize); struct scratch_buffer buf;
u_char *query1 = buf; scratch_buffer_init (&buf);
_Static_assert (2 * QUERYSIZE <= sizeof (buf.__space.__c),
"scratch_buffer too small");
u_char *query1 = buf.data;
int nquery1 = -1; int nquery1 = -1;
u_char *query2 = NULL; u_char *query2 = NULL;
int nquery2 = 0; int nquery2 = 0;
@ -129,37 +133,28 @@ __res_context_query (struct resolv_context *ctx, const char *name,
if (type == T_QUERY_A_AND_AAAA) if (type == T_QUERY_A_AND_AAAA)
{ {
n = __res_context_mkquery (ctx, QUERY, name, class, T_A, NULL, n = __res_context_mkquery (ctx, QUERY, name, class, T_A, NULL,
query1, bufsize); query1, buf.length);
if (n > 0) if (n > 0)
{ {
if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0) if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
{ {
/* Use RESOLV_EDNS_BUFFER_SIZE because the receive /* Use RESOLV_EDNS_BUFFER_SIZE because the receive
buffer can be reallocated. */ buffer can be reallocated. */
n = __res_nopt (ctx, n, query1, bufsize, n = __res_nopt (ctx, n, query1, buf.length,
RESOLV_EDNS_BUFFER_SIZE); RESOLV_EDNS_BUFFER_SIZE);
if (n < 0) if (n < 0)
goto unspec_nomem; goto unspec_nomem;
} }
nquery1 = n; nquery1 = n;
/* Align the buffer. */ query2 = buf.data + n;
int npad = ((nquery1 + __alignof__ (HEADER) - 1)
& ~(__alignof__ (HEADER) - 1)) - nquery1;
if (n > bufsize - npad)
{
n = -1;
goto unspec_nomem;
}
int nused = n + npad;
query2 = buf + nused;
n = __res_context_mkquery (ctx, QUERY, name, class, T_AAAA, n = __res_context_mkquery (ctx, QUERY, name, class, T_AAAA,
NULL, query2, bufsize - nused); NULL, query2, buf.length - n);
if (n > 0 if (n > 0
&& (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0) && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
/* Use RESOLV_EDNS_BUFFER_SIZE because the receive /* Use RESOLV_EDNS_BUFFER_SIZE because the receive
buffer can be reallocated. */ buffer can be reallocated. */
n = __res_nopt (ctx, n, query2, bufsize, n = __res_nopt (ctx, n, query2, buf.length,
RESOLV_EDNS_BUFFER_SIZE); RESOLV_EDNS_BUFFER_SIZE);
nquery2 = n; nquery2 = n;
} }
@ -169,7 +164,7 @@ __res_context_query (struct resolv_context *ctx, const char *name,
else else
{ {
n = __res_context_mkquery (ctx, QUERY, name, class, type, NULL, n = __res_context_mkquery (ctx, QUERY, name, class, type, NULL,
query1, bufsize); query1, buf.length);
if (n > 0 if (n > 0
&& (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0) && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
@ -181,27 +176,25 @@ __res_context_query (struct resolv_context *ctx, const char *name,
advertise = anslen; advertise = anslen;
else else
advertise = RESOLV_EDNS_BUFFER_SIZE; advertise = RESOLV_EDNS_BUFFER_SIZE;
n = __res_nopt (ctx, n, query1, bufsize, advertise); n = __res_nopt (ctx, n, query1, buf.length, advertise);
} }
nquery1 = n; nquery1 = n;
} }
if (__glibc_unlikely (n <= 0) && !use_malloc) { if (__glibc_unlikely (n <= 0)) {
/* Retry just in case res_nmkquery failed because of too /* Retry just in case res_nmkquery failed because of too
short buffer. Shouldn't happen. */ short buffer. Shouldn't happen. */
bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET; if (scratch_buffer_set_array_size (&buf,
buf = malloc (bufsize); T_QUERY_A_AND_AAAA ? 2 : 1,
if (buf != NULL) { MAXPACKET)) {
query1 = buf; query1 = buf.data;
use_malloc = 1;
goto again; goto again;
} }
} }
if (__glibc_unlikely (n <= 0)) { if (__glibc_unlikely (n <= 0)) {
RES_SET_H_ERRNO(statp, NO_RECOVERY); RES_SET_H_ERRNO(statp, NO_RECOVERY);
if (use_malloc) scratch_buffer_free (&buf);
free (buf);
return (n); return (n);
} }
@ -224,8 +217,7 @@ __res_context_query (struct resolv_context *ctx, const char *name,
answerp2_malloced); answerp2_malloced);
} }
if (use_malloc) scratch_buffer_free (&buf);
free (buf);
if (n < 0) { if (n < 0) {
RES_SET_H_ERRNO(statp, TRY_AGAIN); RES_SET_H_ERRNO(statp, TRY_AGAIN);
return (n); return (n);