Re: copy_hostent() should check for NULL before dereferencing fields
Patch rejects the diffs. Please regenerate.
Kurt
At 12:13 PM 4/5/00 -0600, Dave Steck wrote:
>Posting for Alan Clark whose email is down.
>
>>>> Alan Clark 03/20/00 05:08PM >>>
>
>copy_hostent() is called to copy the hostent structure returned by gethostbyname(). copy_hostent dereferences the h_aliases and h_addr_list fields without checking for NULL. I know of at least one system which can return a valid hostent structure but has h_aliases = NULL. copy_hostent should check these fields before dereferencing them.
>
>Here is a correction to util-int.c to do it.
>
>_______________________________________________________________________
>
>Index: util-int.c
>===================================================================
>RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/util-int.c,v
>retrieving revision 1.19
>diff -u -r1.19 util-int.c
>--- util-int.c 2000/01/03 01:33:22 1.19
>+++ util-int.c 2000/03/20 22:22:35
>@@ -321,22 +321,25 @@
> char **tp;
> char *tbuf;
> int name_len;
>- int n_alias;
>- int total_alias_len;
>- int n_addr;
>+ int n_alias=0;
>+ int total_alias_len=0;
>+ int n_addr=0;
> int total_addr_len;
> int total_len;
>
> /* calculate the size needed for the buffer */
> name_len = strlen( src->h_name ) + 1;
>-
>- for( n_alias=total_alias_len=0, p=src->h_aliases; (*p) ; p++ ) {
>- total_alias_len += strlen( *p ) + 1;
>- n_alias++;
>+ if ((p=src->h_aliases) != NULL) {
>+ for( ; (*p) ; p++ ) {
>+ total_alias_len += strlen( *p ) + 1;
>+ n_alias++;
>+ }
> }
>
>- for( n_addr=0, p=src->h_addr_list; (*p) ; p++ ) {
>- n_addr++;
>+ if ((p=src->h_addr_list) != NULL) {
>+ for( ; (*p) ; p++ ) {
>+ n_addr++;
>+ }
> }
> total_addr_len = n_addr * src->h_length;
>
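Review bot: `name_len = strlen( src->h_name ) + 1;` still dereferences `src->h_name` with no NULL check, directly above the new guards on `h_aliases` and `h_addr_list`. If a resolver can hand back a hostent with NULL list fields, either guard `h_name` the same way or add a comment saying why it is assumed non-NULL. Style point on the new conditions: `if ((p=src->h_aliases) != NULL) {` hides an assignment inside the test and drops the `( ... )` spacing the surrounding lines use; assigning `p` on its own line and then testing it reads more clearly. Initializing `n_alias`, `total_alias_len` and `n_addr` at declaration is what makes the later `total_addr_len = n_addr * src->h_length;` well defined when the list is NULL, so those initializers need to stay with the guards.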
>@@ -352,11 +355,13 @@
> res->h_name = tbuf; tbuf+=name_len;
> /* now the aliases */
> res->h_aliases = tp;
>- tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
>+ if (src->h_aliases)
>+ tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
> *tp++=NULL;
> /* finally the addresses */
> res->h_addr_list = tp;
>- tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
>+ if (src->h_addr_list)
>+ tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
> *tp++=NULL;
> return 0;
> }
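Review bot: the guards before `cpy_aliases` and `cpy_addresses` leave `res->h_aliases = tp;`, `res->h_addr_list = tp;` and both `*tp++=NULL;` lines unconditional, so a NULL list in `src` becomes an empty NULL-terminated list in `res` and that change of shape is not documented anywhere in the hunk. That is a reasonable result for callers that iterate the copy, but it deserves a short comment next to each guard saying the normalization is intentional. The two new `if` statements are also brace-less and sit directly above `*tp++=NULL;`, which is easy to misread as part of the conditional; adding braces, as the first hunk does, would remove that ambiguity.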
>
>