RepoMirrors/musl
1
0
Fork 0
mirror of git://git.musl-libc.org/musl synced 2025-02-04 04:51:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix read past end of buffer in getaddrinfo backend

Browse Source 
due to testing buf[i].family==AF_INET before checking i==cnt, it was
possible to read past the end of the array, or past the valid part. in
practice, without active bounds/indeterminate-value checking by the
compiler, the worst that happened was failure to return early and
optimize out the sorting that's unneeded for v4-only results.

returning on i==cnt-1 rather than i==cnt would be an alternate fix,
but the approach this patch takes is more idiomatic and less
error-prone.

patch by Timo Teräs.
This commit is contained in:
Rich Felker 2017-04-11 22:01:31 -04:00
parent 54807d47ac
commit 1ca597551b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/network/lookup_name.c
View File

@ -338,7 +338,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
/* No further processing is needed if there are fewer than 2 /* No further processing is needed if there are fewer than 2
* results or if there are only IPv4 results. */ * results or if there are only IPv4 results. */
if (cnt<2 || family==AF_INET) return cnt; if (cnt<2 || family==AF_INET) return cnt;
for (i=0; buf[i].family == AF_INET; i++) for (i=0; i<cnt; i++) if (buf[i].family != AF_INET) break;
if (i==cnt) return cnt; if (i==cnt) return cnt;
int cs; int cs;