From ba2b2c94236651f014e4f9255b7075e654a853dd Mon Sep 17 00:00:00 2001 From: Vitaliy Gusev Date: Thu, 17 Nov 2011 11:20:13 +0300 Subject: 393 Invalid nd_hostservlist contents crash mountd Reviewed by: Garrett D'Amore Reviewed by: Gordon Ross Approved by: Richard Lowe --- usr/src/lib/libnsl/nss/netdir_inet.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'usr/src/lib/libnsl/nss/netdir_inet.c') diff --git a/usr/src/lib/libnsl/nss/netdir_inet.c b/usr/src/lib/libnsl/nss/netdir_inet.c index 37914da7e1..b6d02dea7f 100644 --- a/usr/src/lib/libnsl/nss/netdir_inet.c +++ b/usr/src/lib/libnsl/nss/netdir_inet.c @@ -20,6 +20,7 @@ */ /* + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -585,9 +586,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, ndbuf4switch->buflen, &h_errnop); if (he == NULL) { NSS_XbyY_FREE(&ndbuf4switch); - _nderror = h_errnop ? - __herrno2netdir(h_errnop) : - ND_NOHOST; + _nderror = __herrno2netdir(h_errnop); return (_nderror); } /* @@ -673,9 +672,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, args->arg.nss.host6.flags, &h_errnop); if (he == NULL) { NSS_XbyY_FREE(&ndbuf4switch); - _nderror = h_errnop ? - __herrno2netdir(h_errnop) : - ND_NOHOST; + _nderror = __herrno2netdir(h_errnop); return (_nderror); } /* @@ -1310,7 +1307,8 @@ _switch_gethostbyname_r(const char *name, struct hostent *result, char *buffer, res = nss_search(&db_root_hosts, _nss_initf_hosts, NSS_DBOP_HOSTS_BYNAME, &arg); arg.status = res; - *h_errnop = arg.h_errno; + if (res != NSS_SUCCESS) + *h_errnop = arg.h_errno ? arg.h_errno : __nss2herrno(res); if (arg.returnval != NULL) order_haddrlist_af(result->h_addrtype, result->h_addr_list); return ((struct hostent *)NSS_XbyY_FINI(&arg)); @@ -1331,7 +1329,8 @@ _switch_getipnodebyname_r(const char *name, struct hostent *result, res = nss_search(&db_root_ipnodes, _nss_initf_ipnodes, NSS_DBOP_IPNODES_BYNAME, &arg); arg.status = res; - *h_errnop = arg.h_errno; + if (res != NSS_SUCCESS) + *h_errnop = arg.h_errno ? arg.h_errno : __nss2herrno(res); if (arg.returnval != NULL) order_haddrlist_af(result->h_addrtype, result->h_addr_list); return ((struct hostent *)NSS_XbyY_FINI(&arg)); @@ -1352,7 +1351,8 @@ _switch_gethostbyaddr_r(const char *addr, int len, int type, res = nss_search(&db_root_hosts, _nss_initf_hosts, NSS_DBOP_HOSTS_BYADDR, &arg); arg.status = res; - *h_errnop = arg.h_errno; + if (res != NSS_SUCCESS) + *h_errnop = arg.h_errno ? arg.h_errno : __nss2herrno(res); return (struct hostent *)NSS_XbyY_FINI(&arg); } @@ -1371,7 +1371,8 @@ _switch_getipnodebyaddr_r(const char *addr, int len, int type, res = nss_search(&db_root_ipnodes, _nss_initf_ipnodes, NSS_DBOP_IPNODES_BYADDR, &arg); arg.status = res; - *h_errnop = arg.h_errno; + if (res != NSS_SUCCESS) + *h_errnop = arg.h_errno ? arg.h_errno : __nss2herrno(res); return (struct hostent *)NSS_XbyY_FINI(&arg); } -- cgit v1.2.3 From d81a47b31915db183b6865cc617bb95aa37df2f4 Mon Sep 17 00:00:00 2001 From: Milan Jurik Date: Sat, 17 Mar 2012 14:03:50 -0500 Subject: 2072 netdir_inet.c contains macro in the middle of function with problematic format Reviewed by: Steve Gonczi Reviewed by: Bayard Bell Reviewed by: Dan McDonald Reviewed by: Andrew Stormont Approved by: Richard Lowe --- usr/src/lib/libnsl/nss/netdir_inet.c | 47 +++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 20 deletions(-) (limited to 'usr/src/lib/libnsl/nss/netdir_inet.c') diff --git a/usr/src/lib/libnsl/nss/netdir_inet.c b/usr/src/lib/libnsl/nss/netdir_inet.c index b6d02dea7f..640e1f7e58 100644 --- a/usr/src/lib/libnsl/nss/netdir_inet.c +++ b/usr/src/lib/libnsl/nss/netdir_inet.c @@ -23,6 +23,7 @@ * Copyright 2011 Nexenta Systems, Inc. All rights reserved. * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ /* @@ -160,6 +161,17 @@ static boolean_t _read_nsw_file(void); * Top Level Interfaces that gethost/serv/netdir funnel through. */ +static int +inetdir_free(int ret, struct in_addr *inaddrs, char **baddrlist) +{ + if (inaddrs) + free(inaddrs); + if (baddrlist) + free(baddrlist); + _nderror = ret; + return (ret); +} + /* * gethost/servbyname always call this function; if they call * with nametoaddr libs in nconf, we call netdir_getbyname @@ -182,7 +194,6 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, struct in6_addr v6nameaddr; char **baddrlist = NULL; - if (nconf == NULL) { _nderror = ND_BADARG; return (ND_BADARG); @@ -332,7 +343,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, * memory at each 'return()' point. * * Early return protection (using - * FREE_return()) is needed only in NETDIR_BY + * inetdir_free()) is needed only in NETDIR_BY * cases because dynamic allocation is used * when args->op_t == NETDIR_BY. * @@ -344,15 +355,6 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, * servp!=0 conditionals because this is handled * (and returned) first. */ -#define FREE_return(ret) \ - { \ - if (inaddrs) \ - free(inaddrs); \ - if (baddrlist) \ - free(baddrlist); \ - _nderror = ret; \ - return (ret); \ - } int i, bnets; bnets = getbroadcastnets(nconf, &inaddrs); @@ -362,7 +364,8 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, } baddrlist = malloc((bnets+1)*sizeof (char *)); if (baddrlist == NULL) - FREE_return(ND_NOMEM); + return (inetdir_free(ND_NOMEM, inaddrs, + baddrlist)); for (i = 0; i < bnets; i++) baddrlist[i] = (char *)&inaddrs[i]; baddrlist[i] = NULL; @@ -381,7 +384,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, */ ret = hent2ndaddr(AF_INET, haddrlist, servp, res->nd_alist); - FREE_return(ret); + return (inetdir_free(ret, inaddrs, baddrlist)); } break; @@ -475,7 +478,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, */ ret = hent2ndaddr(AF_INET6, haddrlist, servp, res->nd_alist); - FREE_return(ret); + return (inetdir_free(ret, inaddrs, baddrlist)); } break; @@ -544,13 +547,15 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, ndbuf4switch = _nss_XbyY_buf_alloc( sizeof (struct servent), NSS_BUFLEN_SERVICES); if (ndbuf4switch == 0) - FREE_return(ND_NOMEM); + return (inetdir_free(ND_NOMEM, inaddrs, + baddrlist)); se = _switch_getservbyname_r(args->arg.nd_hs->h_serv, proto, ndbuf4switch->result, ndbuf4switch->buffer, ndbuf4switch->buflen); if (!se) { NSS_XbyY_FREE(&ndbuf4switch); - FREE_return(ND_NOSERV); + return (inetdir_free(ND_NOSERV, inaddrs, + baddrlist)); } server_port = se->s_port; NSS_XbyY_FREE(&ndbuf4switch); @@ -618,7 +623,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, */ ret = hent2ndaddr(AF_INET, haddrlist, &server_port, res->nd_alist); - FREE_return(ret); + return (inetdir_free(ret, inaddrs, baddrlist)); } @@ -641,14 +646,16 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, sizeof (struct servent), NSS_BUFLEN_SERVICES); if (ndbuf4switch == 0) - FREE_return(ND_NOMEM); + return (inetdir_free(ND_NOMEM, inaddrs, + baddrlist)); se = _switch_getservbyname_r( args->arg.nd_hs->h_serv, proto, ndbuf4switch->result, ndbuf4switch->buffer, ndbuf4switch->buflen); if (!se) { NSS_XbyY_FREE(&ndbuf4switch); - FREE_return(ND_NOSERV); + return (inetdir_free(ND_NOSERV, inaddrs, + baddrlist)); } server_port = se->s_port; NSS_XbyY_FREE(&ndbuf4switch); @@ -696,7 +703,7 @@ _get_hostserv_inetnetdir_byname(struct netconfig *nconf, */ ret = hent2ndaddr(AF_INET6, haddrlist, &server_port, res->nd_alist); - FREE_return(ret); + return (inetdir_free(ret, inaddrs, baddrlist)); } default: -- cgit v1.2.3