From: David Hankins <dhankins@isc.org>
Date: Wed, 22 Jul 2009 21:58:14 +0000 (+0000)
Subject: - A patch supplied by David Cantrell at RedHat was applied that detects
X-Git-Tag: v4_2_0a1~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=583c1c168a2bf54b055dd50a7348b9ffc1283c74;p=thirdparty%2Fdhcp.git

- A patch supplied by David Cantrell at RedHat was applied that detects
  invalid calling parameters given to the ns_name_ntop() function.
  Specifically, it detects if the caller passed a pointer and size pair
  that causes the pointer to integer-wrap past zero.  [ISC-Bugs #17737]
---

diff --git a/RELNOTES b/RELNOTES
index d7d1d649c..bd7619b48 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -178,6 +178,11 @@ work on other platforms. Please report any problems and suggested fixes to
   detected, rather than simply if a lease is noticed to have expired (which it
   may have expired without a failover server noticing in some situations).
 
+- A patch supplied by David Cantrell at RedHat was applied that detects
+  invalid calling parameters given to the ns_name_ntop() function.
+  Specifically, it detects if the caller passed a pointer and size pair
+  that causes the pointer to integer-wrap past zero.
+
 			Changes since 4.1.0b1
 
 - A missing "else" in dhcrelay.c could have caused an interface not to
diff --git a/minires/ns_name.c b/minires/ns_name.c
index 65788753f..5b749b773 100644
--- a/minires/ns_name.c
+++ b/minires/ns_name.c
@@ -22,7 +22,7 @@
  */
 
 #ifndef lint
-static const char rcsid[] = "$Id: ns_name.c,v 1.2 2005/03/17 20:15:17 dhankins Exp $";
+static const char rcsid[] = "$Id: ns_name.c,v 1.3 2009/07/22 21:58:14 dhankins Exp $";
 #endif
 
 #include <sys/types.h>
@@ -71,6 +71,11 @@ ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) {
 	dn = dst;
 	eom = dst + dstsiz;
 
+	if (dn >= eom) {
+		errno = EMSGSIZE;
+		return (-1);
+	}
+
 	while ((n = *cp++) != 0) {
 		if ((n & NS_CMPRSFLGS) != 0) {
 			/* Some kind of compression pointer. */