
copy_hostent() should check for NULL before dereferencing fields



Posting for Alan Clark, whose email is down.

>>> Alan Clark 03/20/00 05:08PM >>>

copy_hostent() is called to copy the hostent structure returned by gethostbyname().  copy_hostent dereferences the h_aliases and h_addr_list fields without checking for NULL.  I know of at least one system which can return a valid hostent structure but has h_aliases = NULL.  copy_hostent should check these fields before dereferencing them.

Here is a correction to util-int.c to do it.

_______________________________________________________________________

Index: util-int.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/util-int.c,v
retrieving revision 1.19
diff -u -r1.19 util-int.c
--- util-int.c 2000/01/03 01:33:22 1.19
+++ util-int.c 2000/03/20 22:22:35
@@ -321,22 +321,25 @@
  char **tp;
  char *tbuf;
  int name_len;
- int n_alias;
- int total_alias_len;
- int n_addr;
+ int n_alias=0;
+ int total_alias_len=0;
+ int n_addr=0;
  int total_addr_len;
  int total_len;
    
  /* calculate the size needed for the buffer */
  name_len = strlen( src->h_name ) + 1;
- 
- for( n_alias=total_alias_len=0, p=src->h_aliases; (*p) ; p++ ) {
-  total_alias_len += strlen( *p ) + 1;
-  n_alias++; 
+ if ((p=src->h_aliases) != NULL) {
+  for( ; (*p) ; p++ ) {
+   total_alias_len += strlen( *p ) + 1;
+   n_alias++; 
+  }
  }
 
- for( n_addr=0, p=src->h_addr_list; (*p) ; p++ ) {
-  n_addr++;
+ if ((p=src->h_addr_list) != NULL) {
+  for( ; (*p) ; p++ ) {
+   n_addr++;
+  }
  }
  total_addr_len = n_addr * src->h_length;
  
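Review bot: `name_len = strlen( src->h_name ) + 1;` still dereferences `src->h_name` unguarded, so the NULL handling added here for `h_aliases` and `h_addr_list` leaves one pointer field of the same resolver-supplied structure unchecked. Whether a resolver that returns `h_aliases = NULL` can also leave `h_name` NULL is not shown on this page, but if it can, the function still crashes on the first line of the size calculation. A guard before that line, such as `if (src->h_name == NULL)` followed by the function's existing failure return, would make the treatment of all three fields consistent. The function's start and its other return paths are outside the hunk, so the right error value has to be taken from there.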
@@ -352,11 +355,13 @@
   res->h_name = tbuf; tbuf+=name_len;
   /* now the aliases */
   res->h_aliases = tp;
-  tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
+  if (src->h_aliases)
+   tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
   *tp++=NULL;
   /* finally the addresses */
   res->h_addr_list = tp;
-  tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
+  if (src->h_addr_list)
+   tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
   *tp++=NULL;
   return 0;
  }
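Review bot: The two added guards, `if (src->h_aliases)` and `if (src->h_addr_list)`, are unbraced, and each sits directly above a `*tp++=NULL;` that must run unconditionally, so a later edit could easily pull the terminator into the conditional. Bracing both bodies, e.g. `if (src->h_aliases) { tbuf = cpy_aliases( &tp, tbuf, src->h_aliases ); }`, keeps that distinction explicit. A short comment such as `/* a NULL list in src is copied as an empty, NULL-terminated list */` would also document that `res->h_aliases` and `res->h_addr_list` are always non-NULL on this path, even when the source fields were NULL. The enclosing block starts outside the hunk.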