summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSebastian Huber <sebastian.huber@embedded-brains.de>2012-02-14 16:46:04 +0100
committerSebastian Huber <sebastian.huber@embedded-brains.de>2014-11-24 08:58:24 +0100
commit0444c0318093d4f6d6f1165b7c8b6d81132d2538 (patch)
treeb5a709054b54c08fe6bf0a94e854910b8df55691
parentppp: PR1943: Avoid NULL pointer access (diff)
downloadrtems-0444c0318093d4f6d6f1165b7c8b6d81132d2538.tar.bz2
Avoid buffer overflow and misaligned memory access
-rw-r--r--cpukit/libnetworking/libc/gethostnamadr.c38
1 files changed, 24 insertions, 14 deletions
diff --git a/cpukit/libnetworking/libc/gethostnamadr.c b/cpukit/libnetworking/libc/gethostnamadr.c
index 8d7dd0db62..d627cfb94d 100644
--- a/cpukit/libnetworking/libc/gethostnamadr.c
+++ b/cpukit/libnetworking/libc/gethostnamadr.c
@@ -374,29 +374,40 @@ int gethostbyname_r(const char* name,
struct hostent **RESULT,
int *h_errnop)
{
-
+ uintptr_t current = (uintptr_t) buf;
+ uintptr_t end = current + buflen;
size_t L=strlen(name);
- result->h_name=buf;
- if (buflen<L) { *h_errnop=ERANGE; return 1; }
- strcpy(buf,name);
- result->h_addr_list=(char**)(buf+strlen(name)+1);
- result->h_addr_list+=sizeof(char*)-((uintptr_t)(result->h_addr_list)&(sizeof(char*)-1));
- result->h_addr_list[0]=(char*)&result->h_addr_list[2];
+ *RESULT = NULL;
+ *h_errnop = 0;
+
+ result->h_name = (char *) current;
+ current += L + 1;
+ if (current > end) { *h_errnop = ERANGE; return 1; }
+ strcpy(result->h_name, name);
+
+ current += sizeof(char **);
+ current -= current & (sizeof(char **) - 1);
+ result->h_addr_list = (char **) current;
+ current += 2 * sizeof(char **);
+ result->h_aliases = (char **) current;
+ current += sizeof(char **);
+ if (current > end) { *h_errnop = ERANGE; return 1; }
+ result->h_addr_list [0]= (char *) current;
+ current += 16;
+ result->h_addr_list [1] = NULL;
+ result->h_aliases [0] = NULL;
+ if (current > end) { *h_errnop = ERANGE; return 1; }
if (inet_pton(AF_INET,name,result->h_addr_list[0])) {
result->h_addrtype=AF_INET;
result->h_length=4;
-commonip:
- result->h_aliases=result->h_addr_list+2*sizeof(char**);
- result->h_aliases[0]=0;
- result->h_addr_list[1]=0;
*RESULT=result;
- *h_errnop=0;
return 0;
} else if (inet_pton(AF_INET6,name,result->h_addr_list[0])) {
result->h_addrtype=AF_INET6;
result->h_length=16;
- goto commonip;
+ *RESULT=result;
+ return 0;
}
@@ -409,7 +420,6 @@ commonip:
found:
memmove(result,r,sizeof(struct hostent));
*RESULT=result;
- *h_errnop=0;
endhostent();
return 0;
}