jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-21 00:10:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

auth: Make sure we get AF_INET addresses from DNS

Browse Source 
The routines which do AFSDB and SRV lookups copy the results of
gethostbyname directly into an afs_int32, and use the size of the
result to limit the copy. If, for any reason, they get a result that
isn't an int, then they will overflow this value.

Check that the result we get from gethostbyname is in the INET
address family, and also limit the size of the copy by the size of the
destination, rather than that of the source.

Caught by clang-analyzer

Change-Id: Icf1426e090bc1ed382212d5de6c291d0816fb2c9
Reviewed-on: http://gerrit.openafs.org/7096
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
This commit is contained in:
Simon Wilkinson 2012-03-31 12:20:25 -04:00 committed by Derrick Brashear
parent 20265ddd78
commit de94f97649
1 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/auth/cellconfig.c
View File

@ -1099,17 +1099,18 @@ afsconf_LookupServer(const char *service, const char *protocol,
if ((afsdb_type == 1) && (server_num < MAXHOSTSPERCELL) &&
/* Do we want to get TTL data for the A record as well? */
(he = gethostbyname(host))) {
afs_int32 ipaddr;
memcpy(&ipaddr, he->h_addr, he->h_length);
cellHostAddrs[server_num] = ipaddr;
ports[server_num] = afsdbPort;
ipRanks[server_num] = 0;
strncpy(cellHostNames[server_num], host,
sizeof(cellHostNames[server_num]));
server_num++;
if (!minttl || ttl < minttl)
minttl = ttl;
if (he->h_addrtype == AF_INET) {
afs_int32 ipaddr;
memcpy(&ipaddr, he->h_addr, sizeof(ipaddr));
cellHostAddrs[server_num] = ipaddr;
ports[server_num] = afsdbPort;
ipRanks[server_num] = 0;
strncpy(cellHostNames[server_num], host,
sizeof(cellHostNames[server_num]));
server_num++;
if (!minttl || ttl < minttl)
minttl = ttl;
}
}
}
if (type == T_SRV) {
@ -1132,18 +1133,21 @@ afsconf_LookupServer(const char *service, const char *protocol,
if ((server_num < MAXHOSTSPERCELL) &&
/* Do we want to get TTL data for the A record as well? */
(he = gethostbyname(host))) {
afs_int32 ipaddr;
memcpy(&ipaddr, he->h_addr, he->h_length);
cellHostAddrs[server_num] = ipaddr;
ipRanks[server_num] = (p[0] << 8) | p[1];
ports[server_num] = htons((p[4] << 8) | p[5]);
/* weight = (p[2] << 8) | p[3]; */
strncpy(cellHostNames[server_num], host,
sizeof(cellHostNames[server_num]));
server_num++;
if (he->h_addrtype == AF_INET) {
afs_int32 ipaddr;
if (!minttl || ttl < minttl)
minttl = ttl;
memcpy(&ipaddr, he->h_addr, sizeof(ipaddr));
cellHostAddrs[server_num] = ipaddr;
ipRanks[server_num] = (p[0] << 8) | p[1];
ports[server_num] = htons((p[4] << 8) | p[5]);
/* weight = (p[2] << 8) | p[3]; */
strncpy(cellHostNames[server_num], host,
sizeof(cellHostNames[server_num]));
server_num++;
if (!minttl || ttl < minttl)
minttl = ttl;
}
}
}