Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libc/nameser Fix incorrect overflow test: https://androi...
details: https://anonhg.NetBSD.org/src/rev/bdd687730397
branches: trunk
changeset: 327406:bdd687730397
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 07 01:00:58 2014 +0000
description:
Fix incorrect overflow test: https://android-review.googlesource.com/#/c/50570/
diffstat:
lib/libc/nameser/ns_name.c | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diffs (33 lines):
diff -r f0129228ac70 -r bdd687730397 lib/libc/nameser/ns_name.c
--- a/lib/libc/nameser/ns_name.c Thu Mar 06 23:30:28 2014 +0000
+++ b/lib/libc/nameser/ns_name.c Fri Mar 07 01:00:58 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ns_name.c,v 1.9 2012/03/13 21:13:39 christos Exp $ */
+/* $NetBSD: ns_name.c,v 1.10 2014/03/07 01:00:58 christos Exp $ */
/*
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -22,7 +22,7 @@
#ifdef notdef
static const char rcsid[] = "Id: ns_name.c,v 1.11 2009/01/23 19:59:16 each Exp";
#else
-__RCSID("$NetBSD: ns_name.c,v 1.9 2012/03/13 21:13:39 christos Exp $");
+__RCSID("$NetBSD: ns_name.c,v 1.10 2014/03/07 01:00:58 christos Exp $");
#endif
#endif
@@ -473,11 +473,12 @@
_DIAGASSERT(__type_fit(int, srcp - src + 1));
len = (int)(srcp - src + 1);
}
- srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff));
- if (srcp < msg || srcp >= eom) { /*%< Out of range. */
+ l = ((n & 0x3f) << 8) | (*srcp & 0xff);
+ if (l >= eom - msg) { /*%< Out of range. */
errno = EMSGSIZE;
return (-1);
}
+ srcp = msg + l;
checked += 2;
/*
* Check for loops in the compressed name;
Home |
Main Index |
Thread Index |
Old Index