Handle running out of buffer space with IPv6 mapping enabled.

With big DNS answers like the one you get for goodtimesdot.com you can get a truncated address list if IPv6 mapping is enabled. Instead tell the caller to resize the buffer.
git-mirror · Nov 10, 2009 · 51e4196 · 51e4196
1 parent 6515a01
commit 51e4196
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,7 +1,15 @@
+2009-11-10  Andreas Schwab  <schwab@redhat.com>
+
+	* resolv/mapv4v6hostent.h (map_v4v6_hostent): Return non-zero if
+	out of buffer space.
+	* resolv/nss_dns/dns-host.c (getanswer_r): Check for
+	map_v4v6_hostent running out of space.
+
 2009-11-10  Ulrich Drepper  <drepper@redhat.com>
 
 	* string/bits/string3.h (memset): If the second parameter is constant
 	and zero there is likely no transposition.
+	Patch by Caolan McNamara <caolanm@redhat.com.
 
 2009-11-04  Philippe De Muyter  <phdm@macqel.be>
 

diff --git a/resolv/mapv4v6hostent.h b/resolv/mapv4v6hostent.h
@@ -57,30 +57,28 @@ typedef union {
     char ac;
 } align;
 
-static void
+static int
 map_v4v6_hostent (struct hostent *hp, char **bpp, int *lenp)
 {
   char **ap;
 
   if (hp->h_addrtype != AF_INET || hp->h_length != INADDRSZ)
-    return;
+    return 0;
   hp->h_addrtype = AF_INET6;
   hp->h_length = IN6ADDRSZ;
   for (ap = hp->h_addr_list; *ap; ap++)
     {
       int i = sizeof (align) - ((u_long) *bpp % sizeof (align));
 
       if (*lenp < (i + IN6ADDRSZ))
-	{
-	  /* Out of memory.  Truncate address list here.  XXX */
-	  *ap = NULL;
-	  return;
-	}
+	/* Out of memory.  */
+	return 1;
       *bpp += i;
       *lenp -= i;
       map_v4v6_address (*ap, *bpp);
       *ap = *bpp;
       *bpp += IN6ADDRSZ;
       *lenp -= IN6ADDRSZ;
     }
+  return 0;
 }
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
@@ -878,7 +878,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
 		}
 	      bp += n;
 	      linebuflen -= n;
-	      map_v4v6_hostent (result, &bp, &linebuflen);
+	      if (map_v4v6_hostent (result, &bp, &linebuflen))
+		goto too_small;
 	    }
 	  *h_errnop = NETDB_SUCCESS;
 	  return NSS_STATUS_SUCCESS;
@@ -953,7 +954,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
 	}
 
       if (have_to_map)
-	map_v4v6_hostent (result, &bp, &linebuflen);
+	if (map_v4v6_hostent (result, &bp, &linebuflen))
+	  goto too_small;
       *h_errnop = NETDB_SUCCESS;
       return NSS_STATUS_SUCCESS;
     }