[master] 2d303b0 Harden vtcp_sa_to_ascii

Martin Blix Grydeland martin at varnish-software.com
Mon Sep 15 15:52:50 CEST 2014


commit 2d303b0732694e8bb4dca3711f6c8ecf47ff751f
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date:   Mon Sep 15 15:43:25 2014 +0200

    Harden vtcp_sa_to_ascii
    
    Require that buffer arguments have greater than zero length to allow
    for zero termination.
    
    Make sure that NULL buffers are not touched.

diff --git a/lib/libvarnish/vtcp.c b/lib/libvarnish/vtcp.c
index 26191fe..624dbb8 100644
--- a/lib/libvarnish/vtcp.c
+++ b/lib/libvarnish/vtcp.c
@@ -61,6 +61,8 @@ vtcp_sa_to_ascii(const void *sa, socklen_t l, char *abuf, unsigned alen,
 {
 	int i;
 
+	assert(abuf == NULL || alen > 0);
+	assert(pbuf == NULL || plen > 0);
 	i = getnameinfo(sa, l, abuf, alen, pbuf, plen,
 	   NI_NUMERICHOST | NI_NUMERICSERV);
 	if (i) {
@@ -69,12 +71,14 @@ vtcp_sa_to_ascii(const void *sa, socklen_t l, char *abuf, unsigned alen,
 		 * for the gai_strerror in the bufffer :-(
 		 */
 		printf("getnameinfo = %d %s\n", i, gai_strerror(i));
-		(void)snprintf(abuf, alen, "Conversion");
-		(void)snprintf(pbuf, plen, "Failed");
+		if (abuf != NULL)
+			(void)snprintf(abuf, alen, "Conversion");
+		if (pbuf != NULL)
+			(void)snprintf(pbuf, plen, "Failed");
 		return;
 	}
 	/* XXX dirty hack for v4-to-v6 mapped addresses */
-	if (strncmp(abuf, "::ffff:", 7) == 0) {
+	if (abuf != NULL && strncmp(abuf, "::ffff:", 7) == 0) {
 		for (i = 0; abuf[i + 7]; ++i)
 			abuf[i] = abuf[i + 7];
 		abuf[i] = '\0';



More information about the varnish-commit mailing list