Apply by doing: cd /usr/src patch -p0 < 007_resolver.patch And then rebuild and install libc: cd lib/libc make obj cleandir depend make && make install Note that programs that are linked statically will not pick up the change unless they are rebuilt. This includes the contents of /bin and /sbin. Index: lib/libc/net/gethostnamadr.c =================================================================== RCS file: /cvs/src/lib/libc/net/gethostnamadr.c,v retrieving revision 1.45 retrieving revision 1.45.2.1 diff -u -r1.45 -r1.45.2.1 --- lib/libc/net/gethostnamadr.c 17 Feb 2002 19:42:23 -0000 1.45 +++ lib/libc/net/gethostnamadr.c 26 Jun 2002 06:03:49 -0000 1.45.2.1 @@ -99,7 +99,7 @@ static int stayopen = 0; static void map_v4v6_address(const char *src, char *dst); -static void map_v4v6_hostent(struct hostent *hp, char **bp, int *len); +static void map_v4v6_hostent(struct hostent *hp, char **bp, char *); #ifdef RESOLVSORT static void addrsort(char **, int); @@ -168,8 +168,8 @@ register const u_char *cp; register int n; const u_char *eom; - char *bp, **ap, **hap; - int type, class, buflen, ancount, qdcount; + char *bp, **ap, **hap, *ep; + int type, class, ancount, qdcount; int haveanswer, had_error; int toobig = 0; char tbuf[MAXDNAME]; @@ -203,13 +203,13 @@ ancount = ntohs(hp->ancount); qdcount = ntohs(hp->qdcount); bp = hostbuf; - buflen = sizeof hostbuf; + ep = hostbuf + sizeof hostbuf; cp = answer->buf + HFIXEDSZ; if (qdcount != 1) { h_errno = NO_RECOVERY; return (NULL); } - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !(*name_ok)(bp)) { h_errno = NO_RECOVERY; return (NULL); @@ -223,7 +223,6 @@ n = strlen(bp) + 1; /* for the \0 */ host.h_name = bp; bp += n; - buflen -= n; /* The qname can be abbreviated, but h_name is now absolute. */ qname = host.h_name; } @@ -236,7 +235,7 @@ haveanswer = 0; had_error = 0; while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !(*name_ok)(bp)) { had_error++; continue; @@ -271,17 +270,15 @@ *ap++ = bp; n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > ep - bp) { had_error++; continue; } strcpy(bp, tbuf); host.h_name = bp; bp += n; - buflen -= n; continue; } if (qtype == T_PTR && type == T_CNAME) { @@ -297,14 +294,13 @@ cp += n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > ep - bp) { had_error++; continue; } strcpy(bp, tbuf); tname = bp; bp += n; - buflen -= n; continue; } if (type != qtype) { @@ -323,7 +319,7 @@ cp += n; continue; /* XXX - had_error++ ? */ } - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); #ifdef USE_RESOLV_NAME_OK if ((n < 0) || !res_hnok(bp)) { #else @@ -343,7 +339,6 @@ if (n != -1) { n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; } break; #else @@ -351,8 +346,7 @@ if (_res.options & RES_USE_INET6) { n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; - map_v4v6_hostent(&host, &bp, &buflen); + map_v4v6_hostent(&host, &bp, ep); } h_errno = NETDB_SUCCESS; return (&host); @@ -375,7 +369,6 @@ host.h_name = bp; nn = strlen(bp) + 1; /* for the \0 */ bp += nn; - buflen -= nn; } bp += sizeof(align) - ((u_long)bp % sizeof(align)); @@ -399,7 +392,6 @@ } bcopy(cp, *hap++ = bp, n); bp += n; - buflen -= n; cp += n; break; } @@ -420,15 +412,14 @@ # endif /*RESOLVSORT*/ if (!host.h_name) { n = strlen(qname) + 1; /* for the \0 */ - if (n > buflen) + if (n > ep - bp) goto try_again; strcpy(bp, qname); host.h_name = bp; bp += n; - buflen -= n; } if (_res.options & RES_USE_INET6) - map_v4v6_hostent(&host, &bp, &buflen); + map_v4v6_hostent(&host, &bp, ep); h_errno = NETDB_SUCCESS; return (&host); } @@ -520,8 +511,8 @@ { querybuf buf; register const char *cp; - char *bp; - int n, size, type, len, i; + char *bp, *ep; + int n, size, type, i; extern struct hostent *_gethtbyname2(), *_yp_gethtbyname(); register struct hostent *hp; char lookups[MAXDNSLUS]; @@ -575,7 +566,7 @@ } strlcpy(hostbuf, name, MAXHOSTNAMELEN); bp = hostbuf + MAXHOSTNAMELEN; - len = sizeof hostbuf - MAXHOSTNAMELEN; + ep = hostbuf + sizeof(hostbuf); host.h_name = hostbuf; host.h_aliases = host_aliases; host_aliases[0] = NULL; @@ -583,7 +574,7 @@ h_addr_ptrs[1] = NULL; host.h_addr_list = h_addr_ptrs; if (_res.options & RES_USE_INET6) - map_v4v6_hostent(&host, &bp, &len); + map_v4v6_hostent(&host, &bp, ep); h_errno = NETDB_SUCCESS; return (&host); } @@ -607,7 +598,7 @@ } strlcpy(hostbuf, name, MAXHOSTNAMELEN); bp = hostbuf + MAXHOSTNAMELEN; - len = sizeof hostbuf - MAXHOSTNAMELEN; + ep = hostbuf + sizeof(hostbuf); host.h_name = hostbuf; host.h_aliases = host_aliases; host_aliases[0] = NULL; @@ -866,9 +857,9 @@ *q = NULL; if (_res.options & RES_USE_INET6) { char *bp = hostbuf; - int buflen = sizeof hostbuf; + char *ep = hostbuf + sizeof hostbuf; - map_v4v6_hostent(&host, &bp, &buflen); + map_v4v6_hostent(&host, &bp, ep); } h_errno = NETDB_SUCCESS; return (&host); @@ -1084,10 +1075,10 @@ } static void -map_v4v6_hostent(hp, bpp, lenp) +map_v4v6_hostent(hp, bpp, ep) struct hostent *hp; char **bpp; - int *lenp; + char *ep; { char **ap; @@ -1098,17 +1089,15 @@ for (ap = hp->h_addr_list; *ap; ap++) { int i = sizeof(align) - ((u_long)*bpp % sizeof(align)); - if (*lenp < (i + IN6ADDRSZ)) { + if (ep - *bpp < (i + IN6ADDRSZ)) { /* Out of memory. Truncate address list here. XXX */ *ap = NULL; return; } *bpp += i; - *lenp -= i; map_v4v6_address(*ap, *bpp); *ap = *bpp; *bpp += IN6ADDRSZ; - *lenp -= IN6ADDRSZ; } } Index: lib/libc/net/getnetnamadr.c =================================================================== RCS file: /cvs/src/lib/libc/net/getnetnamadr.c,v retrieving revision 1.15 retrieving revision 1.15.2.1 diff -u -r1.15 -r1.15.2.1 --- lib/libc/net/getnetnamadr.c 16 Feb 2002 21:27:23 -0000 1.15 +++ lib/libc/net/getnetnamadr.c 26 Jun 2002 06:03:49 -0000 1.15.2.1 @@ -133,9 +133,9 @@ register u_char *cp; register int n; u_char *eom; - int type, class, buflen, ancount, qdcount, haveanswer, i, nchar; + int type, class, ancount, qdcount, haveanswer, i, nchar; char aux1[MAXHOSTNAMELEN], aux2[MAXHOSTNAMELEN], ans[MAXHOSTNAMELEN]; - char *in, *st, *pauxt, *bp, **ap; + char *in, *st, *pauxt, *bp, **ap, *ep; char *paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0; static struct netent net_entry; static char *net_aliases[MAXALIASES], netbuf[BUFSIZ+1]; @@ -159,7 +159,7 @@ ancount = ntohs(hp->ancount); /* #/records in the answer section */ qdcount = ntohs(hp->qdcount); /* #/entries in the question section */ bp = netbuf; - buflen = sizeof(netbuf); + ep = netbuf + sizeof(netbuf); cp = answer->buf + HFIXEDSZ; if (!qdcount) { if (hp->aa) @@ -175,7 +175,7 @@ net_entry.n_aliases = net_aliases; haveanswer = 0; while (--ancount >= 0 && cp < eom) { - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); #ifdef USE_RESOLV_NAME_OK if ((n < 0) || !res_dnok(bp)) #else @@ -190,12 +190,13 @@ cp += INT32SZ; /* TTL */ GETSHORT(n, cp); if (class == C_IN && type == T_PTR) { - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); #ifdef USE_RESOLV_NAME_OK - if ((n < 0) || !res_hnok(bp)) { + if ((n < 0) || !res_hnok(bp)) #else - if ((n < 0) || !_hokchar(bp)) { + if ((n < 0) || !_hokchar(bp)) #endif + { cp += n; return (NULL); }