summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzabolcs Nagy <nsz@port70.net>2014-06-05 22:52:40 +0200
committerSzabolcs Nagy <nsz@port70.net>2014-06-05 23:06:37 +0200
commit2abb70c302efe46dfd8fd9e1d64fa00f1376f428 (patch)
tree869f116a88556e51d9a4bc365bf47ad2532d3f8b
parentb3d9e0b94ea73c68ef4169ec82c898ce59a4e30a (diff)
downloadmusl-2abb70c302efe46dfd8fd9e1d64fa00f1376f428.tar.gz
musl-2abb70c302efe46dfd8fd9e1d64fa00f1376f428.tar.bz2
musl-2abb70c302efe46dfd8fd9e1d64fa00f1376f428.tar.xz
musl-2abb70c302efe46dfd8fd9e1d64fa00f1376f428.zip
fix the domain name length limit checks
A domain name is at most 255 bytes long (RFC 1035), but the string representation is two bytes smaller so the strlen maximum is 253.
-rw-r--r--src/network/lookup_name.c4
-rw-r--r--src/network/res_mkquery.c4
-rw-r--r--src/network/res_querydomain.c8
3 files changed, 8 insertions, 8 deletions
diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
index f324e547..68b172b4 100644
--- a/src/network/lookup_name.c
+++ b/src/network/lookup_name.c
@@ -14,7 +14,7 @@
static int is_valid_hostname(const char *host)
{
const unsigned char *s;
- if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
+ if (strnlen(host, 254)-1 >= 253 || mbstowcs(0, host, 0) == -1) return 0;
for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
return !*s;
}
@@ -153,7 +153,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
*canon = 0;
if (name) {
size_t l;
- if ((l = strnlen(name, 256))-1 > 254)
+ if ((l = strnlen(name, 254))-1 >= 253)
return EAI_NONAME;
memcpy(canon, name, l+1);
}
diff --git a/src/network/res_mkquery.c b/src/network/res_mkquery.c
index f7e4e9c6..7c49709e 100644
--- a/src/network/res_mkquery.c
+++ b/src/network/res_mkquery.c
@@ -10,9 +10,9 @@ int __res_mkquery(int op, const char *dname, int class, int type,
int id, i, j;
unsigned char q[280];
struct timespec ts;
- size_t l = strnlen(dname, 256);
+ size_t l = strnlen(dname, 254);
- if (l-1>=254 || buflen<18+l || op>15u || class>255u || type>255u)
+ if (l-1>=253 || buflen<18+l || op>15u || class>255u || type>255u)
return -1;
/* Construct query template - ID will be filled later */
diff --git a/src/network/res_querydomain.c b/src/network/res_querydomain.c
index c746dbe6..8ba31f45 100644
--- a/src/network/res_querydomain.c
+++ b/src/network/res_querydomain.c
@@ -3,10 +3,10 @@
int res_querydomain(const char *name, const char *domain, int class, int type, unsigned char *dest, int len)
{
- char tmp[256];
- size_t nl = strnlen(name, 256);
- size_t dl = strnlen(domain, 256);
- if (nl+dl+1 > 255) return -1;
+ char tmp[254];
+ size_t nl = strnlen(name, 254);
+ size_t dl = strnlen(domain, 254);
+ if (nl+dl+1 > 253) return -1;
memcpy(tmp, name, nl);
tmp[nl] = '.';
memcpy(tmp+nl+1, domain, dl+1);