Fix crash on reloading of gai data in nscd.

2010-04-09 21:38:20 -07:00 · 2010-04-09 21:38:20 -07:00 · ea42a20cae
parent 17ad387727
commit ea42a20cae
3 changed files with 16 additions and 18 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2010-04-09  Ulrich Drepper  <drepper@redhat.com>
+
+	* nscd/aicache.c (addhstaiX): Correct passing memory to address
+	list to gethostbyname4_r functions.
+
+	* resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Optimize
+	copying of h_name.
+
 2010-04-09  Roland McGrath  <roland@redhat.com>

 	* Makerules ($(common-objpfx)libc-abis.h): Depend on libc-abis.stamp.
--- a/nscd/aicache.c
+++ b/nscd/aicache.c
@ -1,5 +1,5 @@
 /* Cache handling for host lookup.
-   Copyright (C) 2004-2008, 2009 Free Software Foundation, Inc.
+   Copyright (C) 2004-2008, 2009, 2010 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@redhat.com>, 2004.

@ -111,7 +111,7 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
  int old_res_options = _res.options;
  _res.options &= ~RES_USE_INET6;

-  size_t tmpbuf6len = 512;
+  size_t tmpbuf6len = 1024;
  char *tmpbuf6 = alloca (tmpbuf6len);
  size_t tmpbuf4len = 0;
  char *tmpbuf4 = NULL;
@ -133,9 +133,11 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
 							 "gethostbyname4_r");
      if (fct4 != NULL)
 	{
-	  struct gaih_addrtuple *at = NULL;
+	  struct gaih_addrtuple atmem;
+	  struct gaih_addrtuple *at;
 	  while (1)
 	    {
+	      at = &atmem;
 	      rc6 = 0;
 	      herrno = 0;
 	      status[1] = DL_CALL_FCT (fct4, (key, &at, tmpbuf6, tmpbuf6len,
@ -153,7 +155,7 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
 	    goto next_nip;

 	  /* We found the data.  Count the addresses and the size.  */
-	  for (const struct gaih_addrtuple *at2 = at; at2 != NULL;
+	  for (const struct gaih_addrtuple *at2 = at = &atmem; at2 != NULL;
 	       at2 = at2->next)
 	    {
 	      ++naddrs;
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@ -1050,7 +1050,7 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
 	  ++had_error;
 	  continue;
 	}
-      if (*firstp)
+      if (*firstp && canon == NULL)
 	{
 	  h_name = buffer;
 	  buffer += h_namelen;
@ -1166,19 +1166,7 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
 	  if (ttl != 0 && ttlp != NULL)
 	    *ttlp = ttl;

-	  if (canon != NULL)
-	    {
-	      (*pat)->name = canon;
-
-	      /* Reclaim buffer space.  */
-	      if (h_name + h_namelen == buffer)
-		{
-		  buffer = h_name;
-		  buflen += h_namelen;
-		}
-	    }
-	  else
-	    (*pat)->name = h_name;
+	  (*pat)->name = canon ?: h_name;

 	  *firstp = 0;
 	}