This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH COMMITTED] getnameinfo: Avoid calling strnlen on uninitialized buffer
- From: fweimer at redhat dot com (Florian Weimer)
- To: libc-alpha at sourceware dot org
- Date: Wed, 04 May 2016 14:52:07 +0200
- Subject: [PATCH COMMITTED] getnameinfo: Avoid calling strnlen on uninitialized buffer
- Authentication-results: sourceware.org; auth=none
In the numeric AF_INET/AF_INET6 case, if inet_ntop fails
as the result of a short host buffer, we used to call strnlen
on the uninitialized host buffer.
2016-05-04 Florian Weimer <fweimer@redhat.com>
* inet/getnameinfo.c (gni_host_inet_numeric): Return EAI_OVERFLOW
in case of inet_ntop failure.
diff --git a/inet/getnameinfo.c b/inet/getnameinfo.c
index c649c49..c8de163 100644
--- a/inet/getnameinfo.c
+++ b/inet/getnameinfo.c
@@ -303,12 +303,12 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
const struct sockaddr *sa, socklen_t addrlen,
char *host, socklen_t hostlen, int flags)
{
- const char *c;
if (sa->sa_family == AF_INET6)
{
const struct sockaddr_in6 *sin6p = (const struct sockaddr_in6 *) sa;
- c = inet_ntop (AF_INET6,
- (const void *) &sin6p->sin6_addr, host, hostlen);
+ if (inet_ntop (AF_INET6, &sin6p->sin6_addr, host, hostlen) == NULL)
+ return EAI_OVERFLOW;
+
uint32_t scopeid = sin6p->sin6_scope_id;
if (scopeid != 0)
{
@@ -344,7 +344,7 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
if (real_hostlen + scopelen + 1 > hostlen)
/* Signal the buffer is too small. This is
what inet_ntop does. */
- c = NULL;
+ return EAI_OVERFLOW;
else
memcpy (host + real_hostlen, scopebuf, scopelen + 1);
}
@@ -352,10 +352,9 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf,
else
{
const struct sockaddr_in *sinp = (const struct sockaddr_in *) sa;
- c = inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen);
+ if (inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen) == NULL)
+ return EAI_OVERFLOW;
}
- if (c == NULL)
- return EAI_OVERFLOW;
return 0;
}