authorRich Felker <dalias@aerifal.cx>2014-06-02 01:31:28 -0400
committerRich Felker <dalias@aerifal.cx>2014-06-02 01:31:28 -0400
commitbb9af59bba5b72b90c38d28809c30b31933c64d5 (patch)
tree733606f802ae0cf39895d1073839820eb0b92116
parentaf7c308ee66c4127700dd7843f885f7f2d030a0c (diff)
fix off-by-one in checking hostname length in new resolver backend
this bug was introduced in the recent resolver overhaul commits. it likely had visible symptoms. these were probably limited to wrongly accepting truncated versions of over-long names (vs rejecting them), as opposed to stack-based overflows or anything more severe, but no extensive checks were made. there have been no releases where this bug was present.
-rw-r--r--src/network/lookup_name.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
index b1f1ffd0..e1b583ee 100644
--- a/src/network/lookup_name.c
+++ b/src/network/lookup_name.c
@@ -14,7 +14,7 @@
static int is_valid_hostname(const char *host)
{
const unsigned char *s;
- if (strnlen(host, 255)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
+ if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
return !*s;
}
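Review bot: The length test in `is_valid_hostname` depends on two implicit unsigned wraparounds that are not documented. `strnlen(host, 256)-1 > 254` rejects the empty string only because 0-1 wraps to SIZE_MAX, and `mbstowcs(0, host, 0) > 255` rejects an invalid multibyte sequence only because the error return is `(size_t)-1`. Rewriting either comparison with signed arithmetic would silently bring back acceptance of empty or malformed names. I would add above the line `/* accept 1..255 bytes: 0-1 wraps to SIZE_MAX so "" fails, and mbstowcs's (size_t)-1 error return fails the >255 test */`. The same `-1 > 254` idiom is used in the `__lookup_name` hunk and would benefit from the same comment.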
@@ -119,7 +119,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
*canon = 0;
if (name) {
size_t l;
- if ((l = strnlen(name, 255))-1 > 254)
+ if ((l = strnlen(name, 256))-1 > 254)
return EAI_NONAME;
memcpy(canon, name, l+1);
}
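Review bot: `memcpy(canon, name, l+1)` stays in bounds only because the literal 256 passed to `strnlen` happens to equal the size in `char canon[static 256]`; nothing in the code links the two, and this commit shows how easily the bound drifts by one. Because `canon` is a parameter, `sizeof canon` would give the pointer size, so the link needs a shared named constant used in the parameter declaration and in both `strnlen` calls (here and in `is_valid_hostname`). At minimum, a comment before the copy such as `/* l <= 255 here, so l+1 <= 256 bytes fits canon, NUL included */` would record the invariant. `__lookup_name` begins and ends outside this hunk, so later writes to `canon` cannot be checked from here.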