git: 9front

Download patch

ref: 9ade24c8699a18a92c799cd5edffd6398fce5ea2
parent: dfb0ed24233a87af9879ca8d41a98c4bda6a4095
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Wed Aug 22 15:45:29 EDT 2012 

ndb/dns: fix memory corruption and bad serveraddrs() range checks


--- a/sys/src/cmd/ndb/dnresolve.c
+++ b/sys/src/cmd/ndb/dnresolve.c
@@ -832,7 +832,7 @@
 	Dest *cur;
 
 	if(nd >= Maxdest)		/* dest array is full? */
-		return Maxdest - 1;
+		return Maxdest;
 
 	/*
 	 *  look for a server whose address we already know.
@@ -1080,13 +1080,12 @@
 	 */
 	if (qp->ndest > qp->curdest - p) {
 		j = serveraddrs(qp, qp->curdest - p, depth);
-		if (j < 0 || j >= Maxdest) {
+		if (j < 0 || j > Maxdest) {
 			dnslog("serveraddrs() result %d out of range", j);
 			abort();
 		}
 		qp->curdest = &qp->dest[j];
 	}
-	destck(qp->curdest);
 
 	/* no servers, punt */
 	if (qp->ndest == 0)
@@ -1439,9 +1438,10 @@
 					break;
 
 			/* remove all addrs of responding server from list */
-			for(np = qp->dest; np < qp->curdest; np++)
-				if(np->s == p->s)
-					p->nx = Maxtrans;
+			if(p != qp->curdest)
+				for(np = qp->dest; np < qp->curdest; np++)
+					if(np->s == p->s)
+						np->nx = Maxtrans;
 
 			/* free or incorporate RRs in m */
 			rv = procansw(qp, &m, srcip, depth, p);
--