getnameinfo() / getservent_r() windows

To: tech-net%NetBSD.org@localhost
Subject: getnameinfo() / getservent_r() windows
From: Sean Boudreau <seanb%qnx.com@localhost>
Date: Tue, 11 Aug 2009 13:26:52 -0400

There's a section in getnameinfo() where the results
of a getservbyport_r() are referenced after a 
endservent_r() which invalidates it.

There's also a couple of sections in the getservent_r()
handling where a buffer that may not have been malloc()'d
is free()'d

Any concerns before I commit?

Regards,

-seanb

Index: getnameinfo.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/getnameinfo.c,v
retrieving revision 1.46
diff -u -r1.46 getnameinfo.c
--- getnameinfo.c       11 Feb 2009 05:25:17 -0000      1.46
+++ getnameinfo.c       11 Aug 2009 16:43:02 -0000
@@ -193,21 +193,23 @@
                 * servlen == 0 means that the caller does not want the result.
                 */
        } else {
+               struct servent_data svd;
+               struct servent sv;
+
                if (flags & NI_NUMERICSERV)
                        sp = NULL;
                else {
-                       struct servent_data svd;
-                       struct servent sv;
-
                        (void)memset(&svd, 0, sizeof(svd));
                        sp = getservbyport_r(port,
                                (flags & NI_DGRAM) ? "udp" : "tcp", &sv, &svd);
-                       endservent_r(&svd);
                }
                if (sp) {
-                       if (strlen(sp->s_name) + 1 > servlen)
+                       if (strlen(sp->s_name) + 1 > servlen) {
+                               endservent_r(&svd);
                                return EAI_MEMORY;
+                       }
                        strlcpy(serv, sp->s_name, servlen);
+                       endservent_r(&svd);
                } else {
                        snprintf(numserv, sizeof(numserv), "%u", ntohs(port));
                        if (strlen(numserv) + 1 > servlen)
Index: getservent_r.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/getservent_r.c,v
retrieving revision 1.9
diff -u -r1.9 getservent_r.c
--- getservent_r.c      6 Jan 2008 16:34:18 -0000       1.9
+++ getservent_r.c      11 Aug 2009 16:43:02 -0000
@@ -87,10 +87,10 @@
 int
 _servent_getline(struct servent_data *sd)
 {
-       if (sd->line) {
+       if ((sd->flags & _SV_DB) && sd->line != NULL) {
                free(sd->line);
-               sd->line = NULL;
        }
+       sd->line = NULL;
 
        if (sd->db == NULL)
                return -1;
@@ -202,10 +202,10 @@
                sd->aliases = NULL;
                sd->maxaliases = 0;
        }
-       if (sd->line) {
+       if ((sd->flags & _SV_DB) && sd->line != NULL) {
                free(sd->line);
-               sd->line = NULL;
        }
+       sd->line = NULL;
 }
 
 struct servent *

Follow-Ups:
- Re: getnameinfo() / getservent_r() windows
  - From: Christos Zoulas

Prev by Date: Re: PPTP and PF NAT
Next by Date: Re: getnameinfo() / getservent_r() windows
Previous by Thread: PPTP and PF NAT
Next by Thread: Re: getnameinfo() / getservent_r() windows
Indexes:

Home | Main Index | Thread Index | Old Index