From 3073d26361bcb9e9f1e9ab998440ae3b321fe830 Mon Sep 17 00:00:00 2001
From: Alexey Izbyshev
Date: Mon, 8 May 2023 19:03:46 +0300
Subject: [PATCH] getnameinfo: fix calling __dns_parse with potentially too large rlen
Mail-Followup-To: musl@lists.openwall.com

__res_send returns the full answer length even if it didn't fit the buffer, but __dns_parse expects the length of the filled part of the buffer. This is analogous to commit 77327ed064bd57b0e1865cd0e0364057ff4a53b4, which fixed the only other __dns_parse call site.
---
 src/network/getnameinfo.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/network/getnameinfo.c b/src/network/getnameinfo.c
index 7abe0fa9..133c15b3 100644
--- a/src/network/getnameinfo.c
+++ b/src/network/getnameinfo.c
@@ -162,8 +162,10 @@ int getnameinfo(const struct sockaddr *restrict sa, socklen_t sl,
 query[3] = 0; /* don't need AD flag */
 int rlen = __res_send(query, qlen, reply, sizeof reply);
 buf[0] = 0;
- if (rlen > 0)
+ if (rlen > 0) {
+ if (rlen > sizeof reply) rlen = sizeof reply;
 __dns_parse(reply, rlen, dns_parse_callback, buf);
+ }
 }
 if (!*buf) {
 if (flags & NI_NAMEREQD) return EAI_NONAME;
-- 
2.39.2
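Review bot: The added clamp `if (rlen > sizeof reply) rlen = sizeof reply;` compares an `int` with a `size_t`, which behaves as intended only because it sits inside the `rlen > 0` branch; outside that guard a negative rlen would convert to a large unsigned value and be clamped to the buffer size instead of being rejected. A one-line comment would keep both that dependency and the reason for the clamp visible at the call site, for example `/* __res_send returns the full answer length even if truncated; rlen is > 0 here, so parse only what fit in reply */`. Because the parsed length can now be shorter than the answer the server sent, it is worth confirming that __dns_parse bounds every record against rlen rather than trusting lengths inside the packet; that code is not visible on this page. getnameinfo's body starts and ends outside the hunk.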