>Number:         23132
>Category:       lib
>Synopsis:       fix src/lib/libc/net/gethnamaddr.c for netbsd-1-6
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Oct 11 13:37:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Jukka Salmi
>Release:        NetBSD 1.6.1_STABLE
>Organization:
>Environment:
System: NetBSD haustier.salmi.ch 1.6.1_STABLE NetBSD 1.6.1_STABLE (HAUSTIER) #0: Thu Oct 9 00:23:11 CEST 2003 root@haustier.salmi.ch:/usr/src/sys/arch/i386/compile/HAUSTIER i386
Architecture: i386
Machine: i386
>Description:
src/lib/libc/net/gethnamaddr.c was fixed for -current, but not for netbsd-1-6
re "pointer points the byte just after the valid region"-problem
>How-To-Repeat:
use DJBs dnscache and gethostbyname(3) from the latest netbsd-1-6 libc to
resolve a hostname...
>Fix:
as for -current:

--- gethnamaddr.c_1.42.2.11	Fri Oct 10 10:43:57 2003
+++ gethnamaddr.c_1.42.2.12	Sat Oct 11 15:12:39 2003
@@ -203,16 +203,16 @@
 
 #define BOUNDED_INCR(x) \
 	do { \
-		if (cp + (x) >= eom) { \
+		cp += (x); \
+		if (cp > eom) { \
 			h_errno = NO_RECOVERY; \
 			return (NULL); \
 		} \
-		cp += (x); \
 	} while (/*CONSTCOND*/0)
 
 #define BOUNDS_CHECK(ptr, count) \
 	do { \
-		if ((ptr) + (count) >= eom) { \
+		if ((ptr) + (count) > eom) { \
 			h_errno = NO_RECOVERY; \
 			return (NULL); \
 		} \
>Release-Note:
>Audit-Trail:
>Unformatted: