diff options
| author | Szabolcs Nagy <nsz@port70.net> | 2014-06-05 22:52:40 +0200 | 
|---|---|---|
| committer | Szabolcs Nagy <nsz@port70.net> | 2014-06-05 23:06:37 +0200 | 
| commit | 2abb70c302efe46dfd8fd9e1d64fa00f1376f428 (patch) | |
| tree | 869f116a88556e51d9a4bc365bf47ad2532d3f8b /src | |
| parent | b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a (diff) | |
| download | musl-2abb70c302efe46dfd8fd9e1d64fa00f1376f428.tar.gz | |
fix the domain name length limit checks
A domain name is at most 255 bytes long (RFC 1035), but the string
representation is two bytes smaller so the strlen maximum is 253.
Diffstat (limited to 'src')
| -rw-r--r-- | src/network/lookup_name.c | 4 | ||||
| -rw-r--r-- | src/network/res_mkquery.c | 4 | ||||
| -rw-r--r-- | src/network/res_querydomain.c | 8 | 
3 files changed, 8 insertions, 8 deletions
| diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c index f324e547..68b172b4 100644 --- a/src/network/lookup_name.c +++ b/src/network/lookup_name.c @@ -14,7 +14,7 @@  static int is_valid_hostname(const char *host)  {  	const unsigned char *s; -	if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0; +	if (strnlen(host, 254)-1 >= 253 || mbstowcs(0, host, 0) == -1) return 0;  	for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);  	return !*s;  } @@ -153,7 +153,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c  	*canon = 0;  	if (name) {  		size_t l; -		if ((l = strnlen(name, 256))-1 > 254) +		if ((l = strnlen(name, 254))-1 >= 253)  			return EAI_NONAME;  		memcpy(canon, name, l+1);  	} diff --git a/src/network/res_mkquery.c b/src/network/res_mkquery.c index f7e4e9c6..7c49709e 100644 --- a/src/network/res_mkquery.c +++ b/src/network/res_mkquery.c @@ -10,9 +10,9 @@ int __res_mkquery(int op, const char *dname, int class, int type,  	int id, i, j;  	unsigned char q[280];  	struct timespec ts; -	size_t l = strnlen(dname, 256); +	size_t l = strnlen(dname, 254); -	if (l-1>=254 || buflen<18+l || op>15u || class>255u || type>255u) +	if (l-1>=253 || buflen<18+l || op>15u || class>255u || type>255u)  		return -1;  	/* Construct query template - ID will be filled later */ diff --git a/src/network/res_querydomain.c b/src/network/res_querydomain.c index c746dbe6..8ba31f45 100644 --- a/src/network/res_querydomain.c +++ b/src/network/res_querydomain.c @@ -3,10 +3,10 @@  int res_querydomain(const char *name, const char *domain, int class, int type, unsigned char *dest, int len)  { -	char tmp[256]; -	size_t nl = strnlen(name, 256); -	size_t dl = strnlen(domain, 256); -	if (nl+dl+1 > 255) return -1; +	char tmp[254]; +	size_t nl = strnlen(name, 254); +	size_t dl = strnlen(domain, 254); +	if (nl+dl+1 > 253) return -1;  	memcpy(tmp, name, nl);  	tmp[nl] = '.';  	memcpy(tmp+nl+1, domain, dl+1); | 
