diff mbox series

[2/5] resolv: Check for inet_ntop failure in ns_sprintrrf

Message ID	fd53342fd0764dc033664d47f1e0e391cebfbbe5.1777546194.git.fweimer@redhat.com (mailing list archive)
State	Under Review
Delegated to:	Carlos O'Donell
Headers	DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 917C5436F7EF From: Florian Weimer <fweimer@redhat.com> To: libc-alpha@sourceware.org Subject: [PATCH 2/5] resolv: Check for inet_ntop failure in ns_sprintrrf In-Reply-To: <cover.1777546194.git.fweimer@redhat.com> Message-ID: <fd53342fd0764dc033664d47f1e0e391cebfbbe5.1777546194.git.fweimer@redhat.com> References: <cover.1777546194.git.fweimer@redhat.com> Date: Thu, 30 Apr 2026 12:52:02 +0200 User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain Precedence: list Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org
Series	Fixes for CVE-2026-5435, CVE-2026-6238 \| [0/5] Fixes for CVE-2026-5435, CVE-2026-6238 [1/5] Update GLIBC-SA-2026-0012 to mention A6 records [2/5] resolv: Check for inet_ntop failure in ns_sprintrrf [3/5] resolv: Remove incorrect parts of TSIG handling from ns_sprintrrf (CVE-2026-5435) [4/5] resolv: Fix buffer overreads in ns_sprintrrf (CVE-2026-6238) [5/5] resolv: Add test case tst-ns_sprintrr (bug 34033, bug 34069)

Checks

Context	Check	Description
redhat-pt-bot/TryBot-apply_patch	success	Patch applied to master at the time it was sent

Commit Message

Florian Weimer April 30, 2026, 10:52 a.m. UTC

  This makes the output more consistent (either failure or complete
output) and helps with systematic testing with varying buffer
sizes.
---
 resolv/ns_print.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff mbox series

Patch

diff --git a/resolv/ns_print.c b/resolv/ns_print.c
index cef2212fd2..5701e3d0c5 100644
--- a/resolv/ns_print.c
+++ b/resolv/ns_print.c
@@ -141,7 +141,8 @@  ns_sprintrrf(const u_char *msg, size_t msglen,
 	case ns_t_a:
 	  if (rdlen != (size_t)NS_INADDRSZ)
 			goto formerr;
-		(void) inet_ntop(AF_INET, rdata, buf, buflen);
+		if (inet_ntop (AF_INET, rdata, buf, buflen) == NULL)
+		  return -1;
 		addlen(strlen(buf), &buf, &buflen);
 		break;
 
@@ -308,10 +309,11 @@  ns_sprintrrf(const u_char *msg, size_t msglen,
 
 	case ns_t_aaaa:
 	  if (rdlen != (size_t)NS_IN6ADDRSZ)
-			goto formerr;
-		(void) inet_ntop(AF_INET6, rdata, buf, buflen);
-		addlen(strlen(buf), &buf, &buflen);
-		break;
+	    goto formerr;
+	  if (inet_ntop (AF_INET6, rdata, buf, buflen) == NULL)
+	    return -1;
+	  addlen(strlen(buf), &buf, &buflen);
+	  break;
 
 	case ns_t_loc: {
 		char t[255];
@@ -400,7 +402,8 @@  ns_sprintrrf(const u_char *msg, size_t msglen,
 			goto formerr;
 
 		/* Address. */
-		(void) inet_ntop(AF_INET, rdata, buf, buflen);
+		if (inet_ntop (AF_INET, rdata, buf, buflen) == NULL)
+		  return -1;
 		addlen(strlen(buf), &buf, &buflen);
 		rdata += NS_INADDRSZ;
 
@@ -542,7 +545,8 @@  ns_sprintrrf(const u_char *msg, size_t msglen,
 			if (rdata + pbyte >= edata) goto formerr;
 			memset(&a, 0, sizeof(a));
 			memcpy(&a.s6_addr[pbyte], rdata, sizeof(a) - pbyte);
-			(void) inet_ntop(AF_INET6, &a, buf, buflen);
+			if (inet_ntop (AF_INET6, &a, buf, buflen) == NULL)
+			  return -1;
 			addlen(strlen(buf), &buf, &buflen);
 			rdata += sizeof(a) - pbyte;
 		}