From b38dc057f7bff85d052b5560aecd17ce78efabc0 Mon Sep 17 00:00:00 2001
From: Eric Andersen <andersen@codepoet.org>
Date: Fri, 2 Feb 2007 00:30:30 +0000
Subject: Ronald Maeder writes:

Hi Erik,

Thanks for all your great work.  I found a set of bugs in
resolv.c .  Basically, there is code that looks like:

        BIGLOCK;
        __nameserversXX=__nameservers;
        __nameserverXX=__nameserver;
        BIGUNLOCK;
        i = __dns_lookup(dname, type, __nameserversXX, __nameserverXX, &packet, &a);

which is a problem because the declarations are

int __nameservers;
char * __nameserver[MAX_SERVERS];
int __searchdomains;
char * __searchdomain[MAX_SEARCH];

so you can see that __nameserver is a pointer.  Copying the
pointer to __nameserverXX doesn't protect the global variable
space.  I have attached a patch and the new file.  I hope you
will incorporate these bug fixes.  I spent quite a bit of time
tracking them down.

Many thanks,

Ron
---
 libc/inet/resolv.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'libc')

diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c
index 68b096e1b..a910c9adf 100644
--- a/libc/inet/resolv.c
+++ b/libc/inet/resolv.c
@@ -753,7 +753,11 @@ int attribute_hidden __dns_lookup(const char *name, int type, int nscount, char
 		++local_id;
 		local_id &= 0xffff;
 		h.id = local_id;
+		BIGLOCK;
+		/* this is really __nameserver[] which is a global that
+		   needs a lock!! */
 		dns = nsip[local_ns];
+		BIGUNLOCK;
 
 		h.qdcount = 1;
 		h.rd = 1;
@@ -788,7 +792,11 @@ int attribute_hidden __dns_lookup(const char *name, int type, int nscount, char
 				retries+1, NAMESERVER_PORT, dns);
 
 #ifdef __UCLIBC_HAS_IPV6__
+		BIGLOCK;
+		/* 'dns' is really __nameserver[] which is a global that
+		   needs a lock!! */
 		v6 = inet_pton(AF_INET6, dns, &sa6.sin6_addr) > 0;
+		BIGUNLOCK;
 		fd = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 #else
 		fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
@@ -809,7 +817,11 @@ int attribute_hidden __dns_lookup(const char *name, int type, int nscount, char
 #endif
 		    sa.sin_family = AF_INET;
 		    sa.sin_port = htons(NAMESERVER_PORT);
+		    BIGLOCK;
+		    /* 'dns' is really __nameserver[] which is a global that
+		       needs a lock!! */
 		    sa.sin_addr.s_addr = inet_addr(dns);
+		    BIGUNLOCK;
 		    rc = connect(fd, (struct sockaddr *) &sa, sizeof(sa));
 #ifdef __UCLIBC_HAS_IPV6__
 		}
-- 
cgit v1.2.3