Don't read potentially uninitalized memory if gethostname() failed

If the buffer is smaller than `HOST_NAME_MAX` (64 on Linux but up to
255 bytes in POSIX, which FreeBSD, MacOS etc honor) gethostname()
might return -1 without null-terminating the buffer, causing an
out-of-bounds read.
As we look for the first '.' using `strchr()`, replacing it with a
null byte, we also have a one-byte out-of-bounds write which might
result in a crash or, albeit very unlikely, arbitrary code execution.

(cherry picked from commit aac6348d56f6f3fdba9dd2455ef06081da507c14)
(cherry picked from commit be93bc7da4caddc5a6c84fa7b42e82592e9add49)

diff --git a/pdns/rec-carbon.cc b/pdns/rec-carbon.cc
index f8098edc746da840031333dee48ba6b492063068..3ffde289659caf0fcf3d307702c6f0263561da86 100644 (file)
--- a/pdns/rec-carbon.cc
+++ b/pdns/rec-carbon.cc
@@ -26,9 +26,11 @@ try
     return;
 
   if(hostname.empty()) {
-    char tmp[80];
+    char tmp[HOST_NAME_MAX+1];
     memset(tmp, 0, sizeof(tmp));
-    gethostname(tmp, sizeof(tmp));
+    if (gethostname(tmp, sizeof(tmp)) != 0) {
+      throw std::runtime_error("The 'carbon-ourname' setting has not been set and we are unable to determine the system's hostname: " + stringerror());
+    }
     char *p = strchr(tmp, '.');
     if(p) *p=0;