head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.54
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.52
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.50
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.48
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.46
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.44
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.42
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.40
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.38
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.36
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.34
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.32
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.30
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.28
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.26
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.24
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.22
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.20
	pkgsrc-2006Q1-base:1.2
	pkgsrc-2005Q4:1.2.0.18
	pkgsrc-2005Q4-base:1.2
	pkgsrc-2005Q3:1.2.0.16
	pkgsrc-2005Q3-base:1.2
	pkgsrc-2005Q2:1.2.0.14
	pkgsrc-2005Q2-base:1.2
	pkgsrc-2005Q1:1.2.0.12
	pkgsrc-2005Q1-base:1.2
	pkgsrc-2004Q4:1.2.0.10
	pkgsrc-2004Q4-base:1.2
	pkgsrc-2004Q3:1.2.0.8
	pkgsrc-2004Q3-base:1.2
	pkgsrc-2004Q2:1.2.0.6
	pkgsrc-2004Q2-base:1.2
	pkgsrc-2004Q1:1.2.0.4
	pkgsrc-2004Q1-base:1.2
	pkgsrc-2003Q4:1.2.0.2
	pkgsrc-2003Q4-base:1.2;
locks; strict;
comment	@# @;


1.2
date	2002.06.28.05.49.10;	author itojun;	state dead;
branches;
next	1.1;

1.1
date	2002.06.26.06.00.51;	author itojun;	state Exp;
branches;
next	;


desc
@@


1.2
log
@upgrade to 4.9.9.

--- 4.9.9-REL released ---

818. [bug]      remote buffer overrun.
@
text
@$NetBSD: patch-ab,v 1.1 2002/06/26 06:00:51 itojun Exp $

--- res/getnetnamadr.c-	Wed Jun 26 12:09:06 2002
+++ res/getnetnamadr.c	Wed Jun 26 12:12:06 2002
@@@@ -99,7 +99,7 @@@@
 	register int n;
 	u_char *eom;
-	int type, class, buflen, ancount, qdcount, haveanswer, i, nchar;
+	int type, class, ancount, qdcount, haveanswer, i, nchar;
 	char aux1[30], aux2[30], ans[30], *in, *st, *pauxt, *bp, **ap,
-		*paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0;
+		*paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0, *ep;
 static	struct netent net_entry;
 static	char *net_aliases[MAXALIASES], netbuf[PACKETSZ];
@@@@ -124,5 +124,5 @@@@
 	qdcount = ntohs(hp->qdcount); /* #/entries in the question section */
 	bp = netbuf;
-	buflen = sizeof(netbuf);
+	ep = netbuf + sizeof(netbuf);
 	cp = answer->buf + HFIXEDSZ;
 	if (!qdcount) {
@@@@ -140,5 +140,5 @@@@
 	haveanswer = 0;
 	while (--ancount >= 0 && cp < eom) {
-		n = dn_expand(answer->buf, eom, cp, bp, buflen);
+		n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 		if ((n < 0) || !res_dnok(bp))
 			break;
@@@@ -151,5 +151,5 @@@@
 		GETSHORT(n, cp);
 		if (class == C_IN && type == T_PTR) {
-			n = dn_expand(answer->buf, eom, cp, bp, buflen);
+			n = dn_expand(answer->buf, eom, cp, bp, ep - bp);
 			if ((n < 0) || !res_hnok(bp)) {
 				cp += n;
@


1.1
log
@avoid remote buffer overrun on hostbuf[].  From: Joost Pol <joost@@pine.nl>

correct bad practice in the code - it uses two changing variables
to manage buffer (buf and buflen).  we eliminate buflen and use
fixed point (ep) as the ending pointer.

this fix is critical.
@
text
@d1 1
a1 1
$NetBSD$
@