From owner-svn-src-all@freebsd.org Sat Aug 17 14:28:33 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 49605C8D3F; Sat, 17 Aug 2019 14:28:33 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 469jGn0q9sz4QTk; Sat, 17 Aug 2019 14:28:33 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F1B211AFFA; Sat, 17 Aug 2019 14:28:32 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x7HESW1G054861; Sat, 17 Aug 2019 14:28:32 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x7HESWZC054860; Sat, 17 Aug 2019 14:28:32 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201908171428.x7HESWZC054860@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Sat, 17 Aug 2019 14:28:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r351170 - head/sbin/ping6 X-SVN-Group: head X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: head/sbin/ping6 X-SVN-Commit-Revision: 351170 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Aug 2019 14:28:33 -0000 Author: asomers Date: Sat Aug 17 14:28:32 2019 New Revision: 351170 URL: https://svnweb.freebsd.org/changeset/base/351170 Log: ping6: Fix dnsdecode() bug introduced by r350859 Revision 350859 removed level of indirection that was needed for setting the caller's `cp' pointer. dnsdecode() uses return value to indicate error or success. It returns pointer to a buffer holding a decompressed DNS name or NULL. The caller uses that value only to find out the result, not for accessing the buffer. We use the return value to propagate the new value of `cp' pointer to the caller instead of using an output argument. Submitted by: Ján Sučan MFC after: 2 weeks MFC-With: 350859 Sponsored by: Google, Inc (Google Summer of Code 2019) Differential Revision: https://reviews.freebsd.org/D21266 Modified: head/sbin/ping6/ping6.c Modified: head/sbin/ping6/ping6.c ============================================================================== --- head/sbin/ping6/ping6.c Sat Aug 17 10:11:34 2019 (r351169) +++ head/sbin/ping6/ping6.c Sat Aug 17 14:28:32 2019 (r351170) @@ -279,7 +279,7 @@ static void pr_suptypes(struct icmp6_nodeinfo *, size static void pr_nodeaddr(struct icmp6_nodeinfo *, int); static int myechoreply(const struct icmp6_hdr *); static int mynireply(const struct icmp6_nodeinfo *); -static char *dnsdecode(const u_char *, const u_char *, const u_char *, +static const char *dnsdecode(const u_char *, const u_char *, const u_char *, char *, size_t); static void pr_pack(u_char *, int, struct msghdr *); static void pr_exthdrs(struct msghdr *); @@ -1446,10 +1446,26 @@ mynireply(const struct icmp6_nodeinfo *nip) return 0; } -static char * +/* + * Decode a name from a DNS message. + * + * Format of the message is described in RFC 1035 subsection 4.1.4. + * + * Arguments: + * sp - Pointer to a DNS pointer octet or to the first octet of a label + * in the message. + * ep - Pointer to the end of the message (one step past the last octet). + * base - Pointer to the beginning of the message. + * buf - Buffer into which the decoded name will be saved. + * bufsiz - Size of the buffer 'buf'. + * + * Return value: + * Pointer to an octet immediately following the ending zero octet + * of the decoded label, or NULL if an error occured. + */ +static const char * dnsdecode(const u_char *sp, const u_char *ep, const u_char *base, char *buf, size_t bufsiz) - /*base for compressed name*/ { int i; const u_char *cp; @@ -1502,8 +1518,7 @@ dnsdecode(const u_char *sp, const u_char *ep, const u_ if (i != 0) return NULL; /*not terminated*/ cp++; - sp = cp; - return buf; + return cp; } /* @@ -1523,7 +1538,8 @@ pr_pack(u_char *buf, int cc, struct msghdr *mhdr) int hoplim; struct sockaddr *from; int fromlen; - u_char *cp = NULL, *dp, *end = buf + cc; + const u_char *cp = NULL; + u_char *dp, *end = buf + cc; struct in6_pktinfo *pktinfo = NULL; struct timespec tv, tp; struct tv32 tpp; @@ -1696,9 +1712,10 @@ pr_pack(u_char *buf, int cc, struct msghdr *mhdr) } else { i = 0; while (cp < end) { - if (dnsdecode((const u_char *)cp, end, + cp = dnsdecode((const u_char *)cp, end, (const u_char *)(ni + 1), dnsname, - sizeof(dnsname)) == NULL) { + sizeof(dnsname)); + if (cp == NULL) { printf("???"); break; } @@ -2474,8 +2491,9 @@ pr_icmph(struct icmp6_hdr *icp, u_char *end) } printf(", subject=%s", niqcode[ni->ni_code]); cp = (const u_char *)(ni + 1); - if (dnsdecode(cp, end, NULL, dnsname, - sizeof(dnsname)) != NULL) + cp = dnsdecode(cp, end, NULL, dnsname, + sizeof(dnsname)); + if (cp != NULL) printf("(%s)", dnsname); else printf("(invalid)");