From krb5-bugs-incoming-bounces@mit.edu Tue Nov 2 13:29:01 2004
Date: Mon, 1 Nov 2004 19:15:03 -0500
Message-Id: <200411020015.iA20F3xD015842@axe.boston.redhat.com>
To: krb5-bugs@mit.edu
From: nalin@redhat.com
Reply-To: nalin@redhat.com
Subject: error checking result of gethostbyname_r
X-send-pr-version: 3.99

>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization:
>Confidential: no
>Synopsis: fake-getaddrinfo.h incorrectly checks for gethostbyname_r errors
>Severity: serious
>Priority: medium
>Category: krb5-appl
>Class: sw-bug
>Release: krb5-1.3.4
>Environment:
System: Linux axe.boston.redhat.com 2.6.8-1.624smp #1 SMP Thu Oct 14 21:16:29 EDT 2004 i686 i686 i386 GNU/Linux
Architecture: i686
>Description:
When GETHOSTBYNAME_R_RETURNS_INT is set by configure, the current implementation of GET_HOST_BY_NAME checks for errors from gethostbyname_r by checking its result code. An error has also occurred if my_hp has not been set to point to my_h_ent.
>How-To-Repeat:
On my setup, configuring a host with only an IPv6 address in /etc/hosts was enough to trigger the bug.
>Fix:
In addition to checking if the numeric result returned by gethostbyname_r is non-zero, check that my_hp has been set to point to my_h_ent.

Suggested patch:

--- src/include/fake-addrinfo.h 2004-09-02 18:59:42.000000000 -0400 +++ src/include/fake-addrinfo.h 2004-11-01 19:17:30.127252336 -0500 
@@ -187,24 +187,27 @@ extern /*@dependent@*/ char *gai_strerro #ifdef GETHOSTBYNAME_R_RETURNS_INT #define GET_HOST_BY_NAME(NAME, HP, ERR) \ { \ - struct hostent my_h_ent, *my_hp; \ - int my_h_err; \ + struct hostent my_h_ent, *my_hp = NULL; \ + int my_h_err, my_ret; \ char my_h_buf[8192]; \ - (HP) = (gethostbyname_r((NAME), &my_h_ent, \ - my_h_buf, sizeof (my_h_buf), &my_hp, \ - &my_h_err) \ + my_ret = (gethostbyname_r((NAME), &my_h_ent, \ + my_h_buf, sizeof (my_h_buf), &my_hp, \ + &my_h_err)); \ + (HP) = (((my_ret != 0) || (my_hp != &my_h_ent)) \ ? 0 \ : &my_h_ent); \ (ERR) = my_h_err; \ } #define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \ { \ - struct hostent my_h_ent, *my_hp; \ - int my_h_err; \ + struct hostent my_h_ent, *my_hp = NULL; \ + int my_h_err, my_ret; \ char my_h_buf[8192]; \ - (HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent, \ - my_h_buf, sizeof (my_h_buf), &my_hp, \ - &my_h_err) \ + my_ret = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), \ + &my_h_ent, \ + my_h_buf, sizeof (my_h_buf), &my_hp, \ + &my_h_err)); \ + (HP) = (((my_ret != 0) || (my_hp != &my_h_ent)) \ ? 0 \ : &my_h_ent); \ (ERR) = my_h_err; \
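
Review bot: my_h_err is still declared without an initializer in both GET_HOST_BY_NAME and GET_HOST_BY_ADDR (`int my_h_err, my_ret;`), yet `(ERR) = my_h_err;` runs unconditionally, so if the resolver call fails without storing through `&my_h_err`, the caller receives an indeterminate error code alongside the NULL (HP). The patch already gives my_hp a defined starting value; my_h_err should get the same treatment, or (ERR) should be set to a fixed failure value on the path where `(my_ret != 0) || (my_hp != &my_h_ent)` is true. Separately, and not introduced by this change, (HP) is assigned `&my_h_ent`, which is declared inside the macro's own `{ ... }` block, so the pointer outlives the object once the block closes; moving the hostent and buffer to storage supplied by the caller would address that.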