CVS commit: src/lib/libc/net

Sun, 03 Apr 2011 15:14:25 -0700 

Module Name:    src
Committed By:   christos
Date:           Sun Apr  3 22:14:15 UTC 2011

Modified Files:
        src/lib/libc/net: getservbyname_r.c getservbyport_r.c

Log Message:
Protect against stack smashes (Maksymilian Arciemowicz)


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/lib/libc/net/getservbyname_r.c \
    src/lib/libc/net/getservbyport_r.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/lib/libc/net/getservbyname_r.c
diff -u src/lib/libc/net/getservbyname_r.c:1.7 src/lib/libc/net/getservbyname_r.c:1.8
--- src/lib/libc/net/getservbyname_r.c:1.7	Sat Apr 24 20:54:46 2010
+++ src/lib/libc/net/getservbyname_r.c	Sun Apr  3 18:14:15 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: getservbyname_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $	*/
+/*	$NetBSD: getservbyname_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)getservbyname.c	8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: getservbyname_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $");
+__RCSID("$NetBSD: getservbyname_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -69,12 +69,14 @@
 		namelen = strlen(name);
 		if (namelen == 0 || namelen > 255)
 			return NULL;
-		if (proto != NULL && *proto == '\0')
-			return NULL;
-		if (proto != NULL)
+		if (proto != NULL) {
 			protolen = strlen(proto);
-		else
+			if (protolen == 0 || protolen > 255)
+				return NULL;
+		} else
 			protolen = 0;
+		if (namelen + protolen > 255)
+			return NULL;
 
 		buf[0] = namelen;
 		buf[1] = protolen;
Index: src/lib/libc/net/getservbyport_r.c
diff -u src/lib/libc/net/getservbyport_r.c:1.7 src/lib/libc/net/getservbyport_r.c:1.8
--- src/lib/libc/net/getservbyport_r.c:1.7	Sat Apr 24 20:54:46 2010
+++ src/lib/libc/net/getservbyport_r.c	Sun Apr  3 18:14:15 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: getservbyport_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $	*/
+/*	$NetBSD: getservbyport_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)getservbyport.c	8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: getservbyport_r.c,v 1.7 2010/04/25 00:54:46 joerg Exp $");
+__RCSID("$NetBSD: getservbyport_r.c,v 1.8 2011/04/03 22:14:15 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -67,11 +67,11 @@
 
 		port = be16toh(port);
 
-		if (proto != NULL && *proto == '\0')
-			return NULL;
-		if (proto != NULL)
+		if (proto != NULL) {
 			protolen = strlen(proto);
-		else
+			if (protolen == 0 || protolen > 255)
+				return NULL;
+		} else
 			protolen = 0;
 		if (port < 0 || port > 65536)
 			return NULL;

Reply via email to