diff options
Diffstat (limited to 'main/libc0.9.32/0002-resolv-various-memory-corruption-and-off-by-one-fixe.patch')
-rw-r--r-- | main/libc0.9.32/0002-resolv-various-memory-corruption-and-off-by-one-fixe.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/main/libc0.9.32/0002-resolv-various-memory-corruption-and-off-by-one-fixe.patch b/main/libc0.9.32/0002-resolv-various-memory-corruption-and-off-by-one-fixe.patch new file mode 100644 index 00000000..562d648a --- /dev/null +++ b/main/libc0.9.32/0002-resolv-various-memory-corruption-and-off-by-one-fixe.patch @@ -0,0 +1,69 @@ +From bfe9a589a402d4b6265e32b1b5ca0942efdcff3b Mon Sep 17 00:00:00 2001 +From: Timo Teras <timo.teras@iki.fi> +Date: Fri, 7 May 2010 11:30:04 +0300 +Subject: [PATCH 2/2] resolv: various memory corruption and off by one fixes + +Fixes resolution of names with AAAA entries and gethostbyaddr issues. + +Signed-off-by: Timo Teras <timo.teras@iki.fi> +--- + libc/inet/resolv.c | 12 ++++++++---- + 1 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c +index 84289a6..320aec4 100644 +--- a/libc/inet/resolv.c ++++ b/libc/inet/resolv.c +@@ -689,7 +689,7 @@ int attribute_hidden __decode_dotted(const unsigned char *packet, + + if (used + b + 1 >= dest_len) + return -1; +- if (offset + b + 1 >= packet_len) ++ if (offset + b >= packet_len) + return -1; + memcpy(dest + used, packet + offset, b); + offset += b; +@@ -2417,7 +2417,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, + /* Layout in buf: + * char *alias[ALIAS_DIM]; + * struct in[6]_addr* addr_list[2]; +- * struct in[6]_addr* in; ++ * struct in[6]_addr in; + * char scratch_buffer[256+]; + */ + #define in6 ((struct in6_addr *)in) +@@ -2431,9 +2431,13 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, + #ifndef __UCLIBC_HAS_IPV6__ + buf += sizeof(*in); + buflen -= sizeof(*in); ++ if (addrlen > sizeof(*in)) ++ return ERANGE; + #else + buf += sizeof(*in6); + buflen -= sizeof(*in6); ++ if (addrlen > sizeof(*in6)) ++ return ERANGE; + #endif + if ((ssize_t)buflen < 256) + return ERANGE; +@@ -2441,7 +2445,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, + alias[1] = NULL; + addr_list[0] = in; + addr_list[1] = NULL; +- memcpy(&in, addr, addrlen); ++ memcpy(in, addr, addrlen); + + if (0) /* nothing */; + #ifdef __UCLIBC_HAS_IPV4__ +@@ -2456,7 +2460,7 @@ int gethostbyaddr_r(const void *addr, socklen_t addrlen, + char *dst = buf; + unsigned char *tp = (unsigned char *)addr + addrlen - 1; + do { +- dst += sprintf(dst, "%x.%x.", tp[i] & 0xf, tp[i] >> 4); ++ dst += sprintf(dst, "%x.%x.", tp[0] & 0xf, tp[0] >> 4); + tp--; + } while (tp >= (unsigned char *)addr); + strcpy(dst, "ip6.arpa"); +-- +1.6.3.3 + |