HomeFreeBSD

h_resolv: Fix a buffer overflow in load().

Description

h_resolv: Fix a buffer overflow in load().

fgetln() returns a pointer to an array of characters that is 'len'
characters long, not 'len + 1'. While here, overwriting the contents
of the buffer returned by fgetln isn't really safe, so switch to using
getline() instead.

Note that these fixes are a subset of those applied to a
near-identical copy of this function in libc's resolv_test.c in commit
2afeaad315ac19450389b8f2befdbe7c91c37818.

Reviewed by: ngie
Reported by: CHERI (buffer overflow)
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D37886

Details

Provenance
jhbAuthored on Dec 28 2022, 5:39 PM
Reviewer
ngie
Differential Revision
D37886: h_resolv: Fix a buffer overflow in load().
Parents
rG058ac3e80633: atf_pytest_wrapper: fix pytest output truncation
Branches
Unknown
Tags
Unknown