Author: tfaber
Date: Wed Jun 20 00:57:53 2012
New Revision: 56756

URL: http://svn.reactos.org/svn/reactos?rev=56756&view=rev
Log:
[WS2_32]
- Do not manually allocate an incompatible hostent structure in 
FindEntryInHosts. Use populate_hostent instead. Fixes buffer overflow in name 
resolution.
See issue #7126 for more details.

Modified:
    trunk/reactos/dll/win32/ws2_32/include/ws2_32.h
    trunk/reactos/dll/win32/ws2_32/misc/ns.c

Modified: trunk/reactos/dll/win32/ws2_32/include/ws2_32.h
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/ws2_32/include/ws2_32.h?rev=56756&r1=56755&r2=56756&view=diff
==============================================================================
--- trunk/reactos/dll/win32/ws2_32/include/ws2_32.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/ws2_32/include/ws2_32.h [iso-8859-1] Wed Jun 20 
00:57:53 2012
@@ -76,7 +76,7 @@
 
 /* ws2_32 internal Functions */
 void check_hostent(struct hostent **he);
-void populate_hostent(struct hostent *he, char* name, DNS_A_DATA addr);
+void populate_hostent(struct hostent *he, char* name, IP4_ADDRESS addr);
 void free_hostent(struct hostent *he);
 void free_servent(struct servent* s);
 

Modified: trunk/reactos/dll/win32/ws2_32/misc/ns.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/ws2_32/misc/ns.c?rev=56756&r1=56755&r2=56756&view=diff
==============================================================================
--- trunk/reactos/dll/win32/ws2_32/misc/ns.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/ws2_32/misc/ns.c [iso-8859-1] Wed Jun 20 00:57:53 
2012
@@ -529,7 +529,7 @@
     }
 }
 
-void populate_hostent(struct hostent *he, char* name, DNS_A_DATA addr)
+void populate_hostent(struct hostent *he, char* name, IP4_ADDRESS addr)
 {
     ASSERT(he);
 
@@ -561,8 +561,8 @@
     WS_DbgPrint(MID_TRACE,("he->h_addr_list[0] %x\n", he->h_addr_list[0]));
 
     RtlCopyMemory(he->h_addr_list[0],
-                  &addr.IpAddress,
-                  sizeof(addr.IpAddress));
+                  &addr,
+                  sizeof(addr));
 
     he->h_addr_list[1] = NULL;
 }
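Review bot: The copy length `sizeof(addr)` in the RtlCopyMemory call is now the size of the by-value IP4_ADDRESS parameter, but the allocation of `he->h_addr_list[0]` and the assignment of `he->h_length` are outside this hunk, so the three sizes cannot be checked against each other here. It is worth confirming they agree. A comment above the copy would record the contract, for example `/* addr: IPv4 address in network byte order; h_addr_list[0] and h_length must be sizeof(addr) */`. populate_hostent starts in the previous hunk, and part of its body is not shown.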
@@ -813,51 +813,12 @@
         return NULL;
     }
 
-    if( !p->Hostent )
-    {
-        p->Hostent = HeapAlloc(GlobalHeap, 0, sizeof(*p->Hostent));
-        if( !p->Hostent )
-        {
-            WSASetLastError( WSATRY_AGAIN );
-            return NULL;
-        }
-    }
-
-    p->Hostent->h_name = HeapAlloc(GlobalHeap, 0, strlen(DnsName));
-    if( !p->Hostent->h_name )
-    {
-        WSASetLastError( WSATRY_AGAIN );
-        return NULL;
-    }
-
-    RtlCopyMemory(p->Hostent->h_name,
-                  DnsName,
-                  strlen(DnsName));
-
-    p->Hostent->h_aliases = HeapAlloc(GlobalHeap, 0, sizeof(char *));
-    if( !p->Hostent->h_aliases )
-    {
-        WSASetLastError( WSATRY_AGAIN );
-        return NULL;
-    }
-
-    p->Hostent->h_aliases[0] = 0;
-
     if (strstr(AddressStr, ":"))
     {
        DbgPrint("AF_INET6 NOT SUPPORTED!\n");
        WSASetLastError(WSAEINVAL);
        return NULL;
     }
-    else
-       p->Hostent->h_addrtype = AF_INET;
-
-    p->Hostent->h_addr_list = HeapAlloc(GlobalHeap, 0, sizeof(char *));
-    if( !p->Hostent->h_addr_list )
-    {
-        WSASetLastError( WSATRY_AGAIN );
-        return NULL;
-    }
 
     Address = inet_addr(AddressStr);
     if (Address == INADDR_NONE)
@@ -866,18 +827,7 @@
         return NULL;
     }
 
-    p->Hostent->h_addr_list[0] = HeapAlloc(GlobalHeap, 0, sizeof(Address));
-    if( !p->Hostent->h_addr_list[0] )
-    {
-        WSASetLastError( WSATRY_AGAIN );
-        return NULL;
-    }
-
-    RtlCopyMemory(p->Hostent->h_addr_list[0],
-                  &Address,
-                  sizeof(Address));
-
-    p->Hostent->h_length = sizeof(Address);
+    populate_hostent(p->Hostent, DnsName, Address);
 
     return p->Hostent;
 }
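Review bot: The new call `populate_hostent(p->Hostent, DnsName, Address);` no longer covers two cases that the deleted code in the previous hunk handled: allocating `p->Hostent` when it is NULL, and returning NULL with `WSATRY_AGAIN` when an allocation fails. populate_hostent only does `ASSERT(he)` and returns void, so FindEntryInHosts now relies on its caller having prepared `p->Hostent` (not visible in these hunks) and has no way to report an allocation failure. Consider adding `check_hostent(&p->Hostent);` before the call if that helper is what prepares the structure, or at least state the precondition with `/* p->Hostent must already be allocated by the caller */`. Because DnsName is read from the hosts file, also confirm that the name copy inside populate_hostent, which is outside the visible lines, bounds and NUL-terminates `h_name`. FindEntryInHosts begins outside this hunk.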
@@ -996,7 +946,9 @@
             {
                 WS_DbgPrint(MID_TRACE,("populating hostent\n"));
                 WS_DbgPrint(MID_TRACE,("pName is (%s)\n", curr->pName));
-                populate_hostent(p->Hostent, (PCHAR)curr->pName, curr->Data.A);
+                populate_hostent(p->Hostent,
+                                 (PCHAR)curr->pName,
+                                 curr->Data.A.IpAddress);
                 DnsRecordListFree(dp, DnsFreeRecordList);
                 return p->Hostent;
             }

