aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTrevor Johnson <trevor@FreeBSD.org>2002-07-08 22:17:52 +0000
committerTrevor Johnson <trevor@FreeBSD.org>2002-07-08 22:17:52 +0000
commit37e223c81cf4d025435d974ad9ce63fc4b133b39 (patch)
treea156e91bd4b22fc5d60225a04aa6ceeba90d735e
parentad9279f64730904e0471e440c731fdce5f4cbe36 (diff)
downloadsrc-37e223c81cf4d025435d974ad9ce63fc4b133b39.tar.gz
src-37e223c81cf4d025435d974ad9ce63fc4b133b39.zip
MFC: fix buffer overflows described in FreeBSD-SA-02:28.resolv.
Sergey A. Osokin and I tested this. Approved by: security-officer
Notes
Notes: svn path=/stable/3/; revision=99618
-rw-r--r--lib/libc/net/gethostbydns.c1
-rw-r--r--lib/libc/net/getnetbydns.c4
2 files changed, 4 insertions, 1 deletions
diff --git a/lib/libc/net/gethostbydns.c b/lib/libc/net/gethostbydns.c
index 1d17a0a16533..c7f37c278ce7 100644
--- a/lib/libc/net/gethostbydns.c
+++ b/lib/libc/net/gethostbydns.c
@@ -389,6 +389,7 @@ gethostanswer(answer, anslen, qname, qtype)
buflen -= nn;
}
+ buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
bp += sizeof(align) - ((u_long)bp % sizeof(align));
if (bp + n >= &hostbuf[sizeof hostbuf]) {
diff --git a/lib/libc/net/getnetbydns.c b/lib/libc/net/getnetbydns.c
index 65d9d2de96d8..26601f858e24 100644
--- a/lib/libc/net/getnetbydns.c
+++ b/lib/libc/net/getnetbydns.c
@@ -174,7 +174,9 @@ static char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
}
cp += n;
*ap++ = bp;
- bp += strlen(bp) + 1;
+ n = strlen(bp) + 1;
+ bp += n;
+ buflen -= n;
net_entry.n_addrtype =
(class == C_IN) ? AF_INET : AF_UNSPEC;
haveanswer++;