diff mbox

Fix use of half-initialized result in resolver when using nscd

Message ID mvmha6tq63f.fsf@hawking.suse.de
State Committed
Delegated to: Siddhesh Poyarekar
Headers

Commit Message

Andreas Schwab March 20, 2014, 2:48 p.m. UTC 
  This fixes a bug in the way the results from __nscd_getai are collected:
for every returned result a new entry is first added to the
gaih_addrtuple list, but if that result doesn't match the request this
entry remains uninitialized.  So for this non-matching result an extra
result with uninitialized content is returned.

Andreas.

	* sysdeps/posix/getaddrinfo.c (gaih_inet): Properly skip over
	non-matching result from nscd.
---
 sysdeps/posix/getaddrinfo.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Andreas Schwab March 24, 2014, 7:27 a.m. UTC | #1 
There is now an easy reproducer in bug 16743.

Andreas.
Siddhesh Poyarekar March 24, 2014, 3:14 p.m. UTC | #2 
On Thu, Mar 20, 2014 at 03:48:04PM +0100, Andreas Schwab wrote:
> This fixes a bug in the way the results from __nscd_getai are collected:
> for every returned result a new entry is first added to the
> gaih_addrtuple list, but if that result doesn't match the request this
> entry remains uninitialized.  So for this non-matching result an extra
> result with uninitialized content is returned.
> 
> Andreas.
> 
> 	* sysdeps/posix/getaddrinfo.c (gaih_inet): Properly skip over
> 	non-matching result from nscd.

Looks good to me.  I assume you'll add the reference to #16743 when
you commit.

Thanks,
Siddhesh

> ---
>  sysdeps/posix/getaddrinfo.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
> index e1a399b..3385bed 100644
> --- a/sysdeps/posix/getaddrinfo.c
> +++ b/sysdeps/posix/getaddrinfo.c
> @@ -710,6 +710,14 @@ gaih_inet (const char *name, const struct gaih_service *service,
>  		  struct gaih_addrtuple *addrfree = addrmem;
>  		  for (int i = 0; i < air->naddrs; ++i)
>  		    {
> +		      if (!((air->family[i] == AF_INET
> +			     && req->ai_family == AF_INET6
> +			     && (req->ai_flags & AI_V4MAPPED) != 0)
> +			    || req->ai_family == AF_UNSPEC
> +			    || air->family[i] == req->ai_family))
> +			/* Skip over non-matching result.  */
> +			continue;
> +
>  		      socklen_t size = (air->family[i] == AF_INET
>  					? INADDRSZ : IN6ADDRSZ);
>  		      if (*pat == NULL)
> -- 
> 1.9.1
> 
> -- 
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."
diff mbox

Patch

diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index e1a399b..3385bed 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -710,6 +710,14 @@  gaih_inet (const char *name, const struct gaih_service *service,
 		  struct gaih_addrtuple *addrfree = addrmem;
 		  for (int i = 0; i < air->naddrs; ++i)
 		    {
+		      if (!((air->family[i] == AF_INET
+			     && req->ai_family == AF_INET6
+			     && (req->ai_flags & AI_V4MAPPED) != 0)
+			    || req->ai_family == AF_UNSPEC
+			    || air->family[i] == req->ai_family))
+			/* Skip over non-matching result.  */
+			continue;
+
 		      socklen_t size = (air->family[i] == AF_INET
 					? INADDRSZ : IN6ADDRSZ);
 		      if (*pat == NULL)