nscd and getxxxxx_r () are all screwed up.
H.J. Lu
hjl@varesearch.com
Tue Aug 10 08:02:00 GMT 1999
>
> hjl@varesearch.com (H.J. Lu) writes:
>
> > nscd and getxxxxx_r () in glibc 2.1.2 are all screwed up. hstcache.c
> > in nscd has:
>
> First, you are getting extremely on my nerves with your constant
> "everything is screwed up, nothing works". If *always* is wrong.
>
> Second, I have not the slightest idea what you are talking about. I
> just wasted some minutes looking through the code finding no problem
> since errno and h_errno are always set correctly in the file you
> mentioned. Thanks a lot. I really should go back to my mode where I
> ignore your mails if you do not give detailed explanations.
>
I shouldn't have sent out my bug report without a patch. The code
may be hard to understand. Here is my patch. Let me know if you have
any questions on the patch. I will fix other similar bugs if I
encounter them later.
Sorry for that. Thanks.
H.J.
----
Tue Aug 10 07:54:44 1999 H.J. Lu <hjl@gnu.org>
* resolv/nss_dns/dns-host.c (getanswer_r): Cleanup out-of-
buffer handling.
Index: resolv/nss_dns/dns-host.c
===================================================================
RCS file: /work/cvs/gnu/glibc-2.1/resolv/nss_dns/dns-host.c,v
retrieving revision 1.1.1.11
diff -u -p -r1.1.1.11 dns-host.c
--- resolv/nss_dns/dns-host.c 1999/06/17 15:38:20 1.1.1.11
+++ resolv/nss_dns/dns-host.c 1999/08/10 14:32:58
@@ -422,11 +422,7 @@ getanswer_r (const querybuf *answer, int
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{
if (errno == EMSGSIZE)
- {
- *errnop = ERANGE;
- *h_errnop = NETDB_INTERNAL;
- return NSS_STATUS_TRYAGAIN;
- }
+ goto too_small;
n = -1;
}
@@ -473,7 +469,9 @@ getanswer_r (const querybuf *answer, int
linebuflen -= n;
/* Get canonical name. */
n = strlen (tbuf) + 1; /* For the \0. */
- if ((size_t) n > buflen || n >= MAXHOSTNAMELEN)
+ if ((size_t) n > linebuflen)
+ goto too_small;
+ if (n >= MAXHOSTNAMELEN)
{
++had_error;
continue;
@@ -495,7 +493,9 @@ getanswer_r (const querybuf *answer, int
cp += n;
/* Get canonical name. */
n = strlen (tbuf) + 1; /* For the \0. */
- if ((size_t) n > buflen || n >= MAXHOSTNAMELEN)
+ if ((size_t) n > linebuflen)
+ goto too_small;
+ if (n >= MAXHOSTNAMELEN)
{
++had_error;
continue;
@@ -539,11 +539,7 @@ getanswer_r (const querybuf *answer, int
if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
{
if (errno == EMSGSIZE)
- {
- *errnop = ERANGE;
- *h_errnop = NETDB_INTERNAL;
- return NSS_STATUS_TRYAGAIN;
- }
+ goto too_small;
n = -1;
}
@@ -616,11 +612,8 @@ getanswer_r (const querybuf *answer, int
linebuflen -= sizeof (align) - ((u_long) bp % sizeof (align));
bp += sizeof (align) - ((u_long) bp % sizeof (align));
- if (n >= linebuflen)
- {
- ++had_error;
- continue;
- }
+ if (n > linebuflen)
+ goto too_small;
if (hap >= &host_data->h_addr_ptrs[MAX_NR_ADDRS-1])
{
cp += n;
@@ -655,11 +648,7 @@ getanswer_r (const querybuf *answer, int
{
n = strlen (qname) + 1; /* For the \0. */
if (n > linebuflen)
- {
- *errnop = ERANGE;
- *h_errnop = NETDB_INTERNAL;
- return NSS_STATUS_TRYAGAIN;
- }
+ goto too_small;
if (n >= MAXHOSTNAMELEN)
goto no_recovery;
result->h_name = bp;
More information about the Libc-hacker
mailing list