
fix off-by-one in checking hostname length in new resolver backend

this bug was introduced in the recent resolver overhaul commits. it
likely had visible symptoms. these were probably limited to wrongly
accepting truncated versions of over-long names (vs rejecting them),
as opposed to stack-based overflows or anything more severe, but no
extensive checks were made. there have been no releases where this bug
was present.
Rich Felker 11 years ago
Parent
Commit
bb9af59bba
1 changed file with 2 additions and 2 deletions

+ 2 - 2
src/network/lookup_name.c

@@ -14,7 +14,7 @@
 static int is_valid_hostname(const char *host)
 {
 	const unsigned char *s;
-	if (strnlen(host, 255)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
+	if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
 	for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
 	return !*s;
 }
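Review bot: The length test in is_valid_hostname, `strnlen(host, 256)-1 > 254`, has no comment explaining why the strnlen bound must be one more than the longest accepted length or that the `-1` relies on size_t wraparound to reject the empty string. A bound of 255 can never return a value that fails this comparison, which is the mistake being fixed here. Please add a one-line comment stating the invariant, and consider a named constant for the maximum length, since the same expression is repeated in __lookup_name and the two copies have to stay in step. Boundary tests for names of length 0, 255 and 256 would pin the behaviour down.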
@@ -119,7 +119,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
 	*canon = 0;
 	if (name) {
 		size_t l;
-		if ((l = strnlen(name, 255))-1 > 254)
+		if ((l = strnlen(name, 256))-1 > 254)
 			return EAI_NONAME;
 		memcpy(canon, name, l+1);
 	}
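Review bot: The `memcpy(canon, name, l+1)` after the check in __lookup_name is only safe because the check caps l at 255, so the copy writes at most 256 bytes into `char canon[static 256]` and the last byte copied is the terminator of name. That dependency is not documented anywhere in the hunk. With the bound at 256, strnlen returns 256 for any longer name and the comparison rejects it; with the old bound of 255 it returned 255 for such a name, the comparison passed, and byte l of name was not necessarily a NUL. A short comment tying the strnlen bound to the size of canon would help, and since canon is a parameter here (so sizeof would yield the pointer size), a shared named constant is the safer way to express it.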