Changeset 8553d64 in rtems


Ignore:
Timestamp:
02/14/12 15:46:04 (11 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
4.9
Children:
e446d32
Parents:
97137a4
git-author:
Sebastian Huber <sebastian.huber@…> (02/14/12 15:46:04)
git-committer:
Sebastian Huber <sebastian.huber@…> (11/24/14 08:14:23)
Message:

Avoid buffer overflow and misaligned memory access

File:
1 edited

Legend:

Unmodified
Added
Removed

  • cpukit/libnetworking/libc/gethostnamadr.c

    r97137a4 r8553d64  
    372372        int             *h_errnop)
    373373{
    374        
     374  uintptr_t current = (uintptr_t) buf;
     375  uintptr_t end = current + buflen;
    375376  size_t L=strlen(name);
    376   result->h_name=buf;
    377   if (buflen<L) { *h_errnop=ERANGE; return 1; }
    378   strcpy(buf,name);
    379 
    380   result->h_addr_list=(char**)(buf+strlen(name)+1);
    381   result->h_addr_list+=sizeof(char*)-((uintptr_t)(result->h_addr_list)&(sizeof(char*)-1));
    382   result->h_addr_list[0]=(char*)&result->h_addr_list[2];
     377
     378  *RESULT = NULL;
     379  *h_errnop = 0;
     380
     381  result->h_name = (char *) current;
     382  current += L + 1;
     383  if (current > end) { *h_errnop = ERANGE; return 1; }
     384  strcpy(result->h_name, name);
     385
     386  current += sizeof(char **);
     387  current -= current & (sizeof(char **) - 1);
     388  result->h_addr_list = (char **) current;
     389  current += 2 * sizeof(char **);
     390  result->h_aliases = (char **) current;
     391  current += sizeof(char **);
     392  if (current > end) { *h_errnop = ERANGE; return 1; }
     393  result->h_addr_list [0]= (char *) current;
     394  current += 16;
     395  result->h_addr_list [1] = NULL;
     396  result->h_aliases [0] = NULL;
     397  if (current > end) { *h_errnop = ERANGE; return 1; }
    383398  if (inet_pton(AF_INET,name,result->h_addr_list[0])) {
    384399    result->h_addrtype=AF_INET;
    385400    result->h_length=4;
    386 commonip:
    387     result->h_aliases=result->h_addr_list+2*sizeof(char**);
    388     result->h_aliases[0]=0;
    389     result->h_addr_list[1]=0;
    390401    *RESULT=result;
    391     *h_errnop=0;
    392402    return 0;
    393403  } else if (inet_pton(AF_INET6,name,result->h_addr_list[0])) {
    394404    result->h_addrtype=AF_INET6;
    395405    result->h_length=16;
    396     goto commonip;
     406    *RESULT=result;
     407    return 0;
    397408  }
    398409
     
    407418  memmove(result,r,sizeof(struct hostent));
    408419  *RESULT=result;
    409   *h_errnop=0;
    410420  endhostent();
    411421  return 0;
Note: See TracChangeset for help on using the changeset viewer.