aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTrevor Johnson <trevor@FreeBSD.org>2002-07-10 06:57:44 +0000
committerTrevor Johnson <trevor@FreeBSD.org>2002-07-10 06:57:44 +0000
commit7f484866a20db7df608d7cfa9ab8e8bc089a5de8 (patch)
tree2858702d2f7d2e723a783d00f63ac2a2cae6f41a
parent2a86dbea9c07a9c9b263025146cf294248a2a21a (diff)
downloadsrc-7f484866a20db7df608d7cfa9ab8e8bc089a5de8.tar.gz
src-7f484866a20db7df608d7cfa9ab8e8bc089a5de8.zip
MFC: fix buffer overflows described in FreeBSD-SA-02:28.resolv.
Reviewed by: imp
Notes
Notes: svn path=/releng/4.3/; revision=99716
-rw-r--r--lib/libc/net/gethostbydns.c1
-rw-r--r--lib/libc/net/getnetbydns.c4
-rw-r--r--lib/libc/net/name6.c4
-rw-r--r--sys/conf/newvers.sh2
4 files changed, 8 insertions, 3 deletions
diff --git a/lib/libc/net/gethostbydns.c b/lib/libc/net/gethostbydns.c
index a5a3e7bb30fe..52ac91a041be 100644
--- a/lib/libc/net/gethostbydns.c
+++ b/lib/libc/net/gethostbydns.c
@@ -389,6 +389,7 @@ gethostanswer(answer, anslen, qname, qtype)
buflen -= nn;
}
+ buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
bp += sizeof(align) - ((u_long)bp % sizeof(align));
if (bp + n >= &hostbuf[sizeof hostbuf]) {
diff --git a/lib/libc/net/getnetbydns.c b/lib/libc/net/getnetbydns.c
index 087aa5f6b9bf..e1a11d2e5d3a 100644
--- a/lib/libc/net/getnetbydns.c
+++ b/lib/libc/net/getnetbydns.c
@@ -173,7 +173,9 @@ static char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
}
cp += n;
*ap++ = bp;
- bp += strlen(bp) + 1;
+ n = strlen(bp) + 1;
+ bp += n;
+ buflen -= n;
net_entry.n_addrtype =
(class == C_IN) ? AF_INET : AF_UNSPEC;
haveanswer++;
diff --git a/lib/libc/net/name6.c b/lib/libc/net/name6.c
index 8edcb1bee858..401786811b50 100644
--- a/lib/libc/net/name6.c
+++ b/lib/libc/net/name6.c
@@ -1024,7 +1024,7 @@ getanswer(answer, anslen, qname, qtype, template, errp)
register const u_char *cp;
register int n;
const u_char *eom, *erdata;
- char *bp, **ap, **hap;
+ char *bp, **ap, **hap, *obp;
int type, class, buflen, ancount, qdcount;
int haveanswer, had_error;
char tbuf[MAXDNAME];
@@ -1238,7 +1238,9 @@ getanswer(answer, anslen, qname, qtype, template, errp)
bp += nn;
buflen -= nn;
}
+ obp = bp; /* ALIGN rounds up */
bp = (char *)ALIGN(bp);
+ buflen -= (bp - obp);
DNS_FATAL(bp + n < &hostbuf[sizeof hostbuf]);
DNS_ASSERT(hap < &h_addr_ptrs[MAXADDRS-1]);
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index cdf882da4d0b..ec47e5a6ae2c 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.3"
-BRANCH="RELEASE-p28"
+BRANCH="RELEASE-p29"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"