Page MenuHomeFreeBSD
Differential D37886

h_resolv: Fix a buffer overflow in load().
ClosedPublic
Actions

Authored by jhb on Dec 27 2022, 10:25 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 17, 4:25 AM
Unknown Object (File)
Mon, Apr 14, 9:38 AM
Unknown Object (File)
Mon, Apr 14, 4:40 AM
Unknown Object (File)
Mon, Apr 14, 1:25 AM
Unknown Object (File)
Sun, Apr 13, 10:54 PM
Unknown Object (File)
Feb 25 2025, 4:38 PM
Unknown Object (File)
Feb 23 2025, 10:05 AM
Unknown Object (File)
Feb 22 2025, 4:49 PM
View All 64 Files
Subscribers
imp

Details

Reviewers
emaste
brooks
ngie
Commits
rG519395f62d29: h_resolv: Fix a buffer overflow in load().
rGd13121853497: h_resolv: Fix a buffer overflow in load().
Summary

fgetln() returns a pointer to an array of characters that is 'len'
characters long, not 'len + 1'. While here, overwriting the contents
of the buffer returned by fgetln isn't really safe, so switch to using
getline() instead.

Note that these fixes are a subset of those applied to a
near-identical copy of this function in libc's resolv_test.c in commit
2afeaad315ac19450389b8f2befdbe7c91c37818.

Reported by: CHERI (buffer overflow)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 48895
Build 45784: arc lint + arc unit

Revision Contents
Changeset List

PathSize
contrib/
netbsd-tests/
lib/
libpthread/
10 lines

Diff 114583

View Options

contrib/netbsd-tests/lib/libpthread/h_resolv.c

Loading...