util: Avoid overflow in GetNameByINet

[openafs.git] / src / util / hostparse.c

diff --git a/src/util/hostparse.c b/src/util/hostparse.c
index 2462931..51c4bfb 100644 (file)
--- a/src/util/hostparse.c
+++ b/src/util/hostparse.c
@@ -14,24 +14,15 @@
 #include <afsconfig.h>
 #include <afs/param.h>
 
+#include <roken.h>
 
-#include <stdio.h>
-#include <sys/types.h>
-#include <stdlib.h>
 #ifdef AFS_NT40_ENV
-#include <winsock2.h>
 #include <direct.h>
 #else
-#include <netinet/in.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <netdb.h>
 #include <ctype.h>
 #endif
-#include <string.h>
-#include <errno.h>
-#include "afsutil.h"
 
+#include "afsutil.h"
 
 /* also parse a.b.c.d addresses */
 struct hostent *
@@ -62,7 +53,6 @@ hostutil_GetHostByName(char *ahost)
        }
     }
     if (numeric) {
-       tc = *ahost;            /* look at the first char */
        /* decimal address, return fake hostent with only hostaddr field good */
        tval = 0;
        dots = 0;
@@ -114,8 +104,8 @@ hostutil_GetNameByINet(afs_uint32 addr)
        return NULL;
 #endif
     th = gethostbyaddr((void *)&addr, sizeof(addr), AF_INET);
-    if (th) {
-       strcpy(tbuffer, th->h_name);
+    if (th && strlen(th->h_name) < sizeof(tbuffer)) {
+       strlcpy(tbuffer, th->h_name, sizeof(tbuffer));
     } else {
        addr = ntohl(addr);
        sprintf(tbuffer, "%d.%d.%d.%d", (int)((addr >> 24) & 0xff),
@@ -131,10 +121,13 @@ hostutil_GetNameByINet(afs_uint32 addr)
 ** w.x.y.z     # machineName
 ** returns the network interface in network byte order
 */
+
+#define MAXBYTELEN 32
 afs_uint32
 extractAddr(char *line, int maxSize)
 {
-    char byte1[32], byte2[32], byte3[32], byte4[32];
+    char byte1[MAXBYTELEN], byte2[MAXBYTELEN];
+    char byte3[MAXBYTELEN], byte4[MAXBYTELEN];
     int i = 0;
     char *endPtr;
     afs_uint32 val1, val2, val3, val4;
@@ -153,7 +146,7 @@ extractAddr(char *line, int maxSize)
     while ((*line != '.') && maxSize) {        /* extract first byte */
        if (!isdigit(*line))
            return AFS_IPINVALID;
-       if (i > 31)
+       if (i >= MAXBYTELEN-1)
            return AFS_IPINVALID;       /* no space */
        byte1[i++] = *line++;
        maxSize--;
@@ -166,7 +159,7 @@ extractAddr(char *line, int maxSize)
     while ((*line != '.') && maxSize) {        /* extract second byte */
        if (!isdigit(*line))
            return AFS_IPINVALID;
-       if (i > 31)
+       if (i >= MAXBYTELEN-1)
            return AFS_IPINVALID;       /* no space */
        byte2[i++] = *line++;
        maxSize--;
@@ -179,7 +172,7 @@ extractAddr(char *line, int maxSize)
     while ((*line != '.') && maxSize) {
        if (!isdigit(*line))
            return AFS_IPINVALID;
-       if (i > 31)
+       if (i >= MAXBYTELEN-1)
            return AFS_IPINVALID;       /* no space */
        byte3[i++] = *line++;
        maxSize--;
@@ -192,7 +185,7 @@ extractAddr(char *line, int maxSize)
     while (*line && !isspace(*line) && maxSize) {
        if (!isdigit(*line))
            return AFS_IPINVALID;
-       if (i > 31)
+       if (i >= MAXBYTELEN-1)
            return AFS_IPINVALID;       /* no space */
        byte4[i++] = *line++;
        maxSize--;
@@ -253,7 +246,7 @@ gettmpdir(void)
 
     if (saveTmpDir == NULL) {
        /* initialize global temporary directory string */
-       char *dirp = (char *)malloc(MAX_PATH+1);
+       char *dirp = malloc(MAX_PATH+1);
        int freeDirp = 1;
 
        if (dirp != NULL) {