[249] in Pthreads mailing list archive
bug in gethostbyname()
daemon@ATHENA.MIT.EDU (Jin Guojun[ITG])
Wed Jan 31 13:29:51 1996
Date: Wed, 31 Jan 1996 09:51:22 -0800
From: "Jin Guojun[ITG]" <jin@george.lbl.gov>
To: pthreads@MIT.EDU
In net/gethostbyname.c --
Line 61 malloc empty structure data->host_answer and passes it to
gethostbyname_r() in line 67. It is the "result" in gethostbyname_r() and
passed to fake_hostent() without any modification at line 93.
The first line in fake_hostent() (Global Line # 110), strncpy() tried to
use an either NULL or garbage result->name pointer which causes core dump.
-Jin
54 struct hostent *gethostbyname(const char *hostname)
55 {
56 struct res_data *data = _res_init();
57
58 if (!data)
59 return NULL;
60 if (!data->host_answer) {
61 data->host_answer = malloc(sizeof(struct hostent_answer)
);
62 if (!data->host_answer) {
63 data->errval = NO_RECOVERY;
64 return NULL;
65 }
66 }
67 return gethostbyname_r(hostname, data->host_answer);
68 }
69
70 struct hostent *gethostbyname_r(const char *hostname,
71 struct h
ostent_answer *result)
72 {
73 struct res_data *data = _res_init();
74 struct in_addr addr;
75 querybuf buf;
76 const char *p;
77 int n;
78
79 if (!data)
80 return NULL;
81
82 /* Check for all-numeric hostname with no trailing dot. */
83 if (isdigit(hostname[0])) {
84 p = hostname;
85 while (*p && (isdigit(*p) || *p == '.'))
86 p++;
87 if (!*p && p[-1] != '.') {
88 /* Looks like an IP address; convert it. */
89 if (inet_aton(hostname, &addr) == -1) {
90 data->errval = HOST_NOT_FOUND;
91 return NULL;
92 }
93 return fake_hostent(hostname, addr, result);
94 }
95 }
96
97 /* Do the search. */
98 n = res_search(hostname, C_IN, T_A, buf.buf, sizeof(buf));
99 if (n >= 0)
100 return _res_parse_answer(&buf, n, 0, result, data);
101 else if (errno == ECONNREFUSED)
102 return file_find(hostname, data, result);
103 else
104 return NULL;
105 }
106
107 static struct hostent *fake_hostent(const char *hostname, struct in_addr
addr,
108
struct hostent_answer *result)
109 {
110 strncpy(result->name, hostname, BUFSIZ - 1);
111 result->name[BUFSIZ - 1] = 0;
112 result->host.h_name = result->name;
113
114 result->host_addr = addr;
115 result->h_addr_ptrs[0] = (char *) &result->host_addr;
116 result->h_addr_ptrs[1] = NULL;
117 result->host.h_addr_list = result->h_addr_ptrs;
118 result->host.h_length = sizeof(unsigned long);
119
120 result->host_aliases[0] = NULL;
121 result->host.h_aliases = result->host_aliases;
122
123 result->host.h_addrtype = AF_INET;
124
125 return &result->host;
126 }
