copy_hostent() should check for NULL before dereferencing fields
Posting for Alan Clark, whose email is down.
>>> Alan Clark 03/20/00 05:08PM >>>
copy_hostent() is called to copy the hostent structure returned by gethostbyname(). copy_hostent dereferences the h_aliases and h_addr_list fields without checking for NULL. I know of at least one system which can return a valid hostent structure but has h_aliases = NULL. copy_hostent should check these fields before dereferencing them.
Here is a correction to util-int.c to do it.
_______________________________________________________________________
Index: util-int.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/util-int.c,v
retrieving revision 1.19
diff -u -r1.19 util-int.c
--- util-int.c 2000/01/03 01:33:22 1.19
+++ util-int.c 2000/03/20 22:22:35
@@ -321,22 +321,25 @@
char **tp;
char *tbuf;
int name_len;
- int n_alias;
- int total_alias_len;
- int n_addr;
+ int n_alias=0;
+ int total_alias_len=0;
+ int n_addr=0;
int total_addr_len;
int total_len;
/* calculate the size needed for the buffer */
name_len = strlen( src->h_name ) + 1;
-
- for( n_alias=total_alias_len=0, p=src->h_aliases; (*p) ; p++ ) {
- total_alias_len += strlen( *p ) + 1;
- n_alias++;
+ if ((p=src->h_aliases) != NULL) {
+ for( ; (*p) ; p++ ) {
+ total_alias_len += strlen( *p ) + 1;
+ n_alias++;
+ }
}
- for( n_addr=0, p=src->h_addr_list; (*p) ; p++ ) {
- n_addr++;
+ if ((p=src->h_addr_list) != NULL) {
+ for( ; (*p) ; p++ ) {
+ n_addr++;
+ }
}
total_addr_len = n_addr * src->h_length;
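Review bot: `name_len = strlen( src->h_name ) + 1;` still dereferences `src->h_name` unchecked, so a hostent with a NULL name would crash here even with the two list guards in place. If a resolver can hand back NULL `h_aliases`, it seems prudent to treat `h_name` the same way, for example `name_len = src->h_name ? strlen( src->h_name ) + 1 : 1;`, with the matching name copy further down guarded as well (that code is outside this hunk). The totals are accumulated in `int` from resolver-supplied data and then sized into one buffer, so a check that `src->h_length` is positive when `n_addr > 0` before `total_addr_len = n_addr * src->h_length;` would also be worth adding. copy_hostent's body starts before this hunk and continues past it.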
@@ -352,11 +355,13 @@
res->h_name = tbuf; tbuf+=name_len;
/* now the aliases */
res->h_aliases = tp;
- tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
+ if (src->h_aliases)
+ tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
*tp++=NULL;
/* finally the addresses */
res->h_addr_list = tp;
- tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
+ if (src->h_addr_list)
+ tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
*tp++=NULL;
return 0;
}
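Review bot: The two added guards are unbraced `if (src->h_aliases)` and `if (src->h_addr_list)`, while the first hunk of the same patch uses `!= NULL` with braces; writing them as `if (src->h_aliases != NULL) {` with a closing brace would keep the function consistent and avoid a later edit accidentally falling outside the guard. A comment above `res->h_aliases = tp;` such as `/* a NULL source list is copied as an empty, NULL-terminated list */` would also help, because in that case the copy no longer mirrors the source and callers of the result will see a non-NULL pointer. The start of copy_hostent is outside this hunk.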