off-by-1 error in string length validation
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
This commit is contained in:
parent
e04f70f17c
commit
311be79390
@ -1,5 +1,5 @@
|
||||
/* $FreeBSD$ */
|
||||
/* $KAME: getnameinfo.c,v 1.43 2000/06/12 04:27:03 itojun Exp $ */
|
||||
/* $KAME: getnameinfo.c,v 1.45 2000/09/25 22:43:56 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -33,11 +33,9 @@
|
||||
/*
|
||||
* Issues to be discussed:
|
||||
* - Thread safe-ness must be checked
|
||||
* - Return values. There seems to be no standard for return value (RFC2553)
|
||||
* but INRIA implementation returns EAI_xxx defined for getaddrinfo().
|
||||
* - RFC2553 says that we should raise error on short buffer. X/Open says
|
||||
* we need to truncate the result. We obey RFC2553 (and X/Open should be
|
||||
* modified).
|
||||
* modified). ipngwg rough consensus seems to follow RFC2553.
|
||||
* - What is "local" in NI_FQDN?
|
||||
* - NI_NAMEREQD and NI_NUMERICHOST conflict with each other.
|
||||
* - (KAME extension) NI_WITHSCOPEID when called with global address,
|
||||
@ -88,6 +86,7 @@ static int ip6_parsenumeric __P((const struct sockaddr *, const char *, char *,
|
||||
static int ip6_sa2str __P((const struct sockaddr_in6 *, char *, size_t, int));
|
||||
#endif
|
||||
|
||||
/* 2553bis: use EAI_xx for getnameinfo */
|
||||
#define ENI_NOSOCKET EAI_FAIL /*XXX*/
|
||||
#define ENI_NOSERVNAME EAI_NONAME
|
||||
#define ENI_NOHOSTNAME EAI_NONAME
|
||||
@ -154,12 +153,12 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
|
||||
(flags & NI_DGRAM) ? "udp" : "tcp");
|
||||
}
|
||||
if (sp) {
|
||||
if (strlen(sp->s_name) > servlen)
|
||||
if (strlen(sp->s_name) + 1 > servlen)
|
||||
return ENI_MEMORY;
|
||||
strcpy(serv, sp->s_name);
|
||||
} else {
|
||||
snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
|
||||
if (strlen(numserv) > servlen)
|
||||
if (strlen(numserv) + 1 > servlen)
|
||||
return ENI_MEMORY;
|
||||
strcpy(serv, numserv);
|
||||
}
|
||||
@ -253,7 +252,7 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
|
||||
*p = '\0';
|
||||
}
|
||||
#endif
|
||||
if (strlen(hp->h_name) > hostlen) {
|
||||
if (strlen(hp->h_name) + 1 > hostlen) {
|
||||
freehostent(hp);
|
||||
return ENI_MEMORY;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user