Hello,
I'm attaching a small patch to ftpfs. This fixes:
* ftpfs null pointer dereference when provided with an invalid hostname
* the gethostbyname_r invocation: the fixed 2048-byte result buffer is replaced by one that is grown on ERANGE
Thank you,
Chris
From 49bebc60e9d5913ca98f59ea7b31a010f69e8857 Mon Sep 17 00:00:00 2001
From: Krzysztof Piecuch <piec...@protonmail.com>
Date: Mon, 26 Aug 2019 13:43:18 -0400
Subject: [PATCH] ftpfs: fix host lookup error handling
---
ftpfs/host.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/ftpfs/host.c b/ftpfs/host.c
index cd6fd4c0..dab77046 100644
--- a/ftpfs/host.c
+++ b/ftpfs/host.c
@@ -101,7 +101,10 @@ split_server_name (const char *server, char **host, char **user, char **passwd)
error_t
lookup_server (const char *server, struct ftp_conn_params **params, int *h_err)
{
- char hostent_data[2048]; /* XXX what size should this be???? */
+ size_t bufsize = 64;
+ const size_t bufsizemax = 4096;
+ int retval;
+ char *hostent_data = NULL;
struct hostent _he, *he;
char *host, *user, *passwd;
error_t err = split_server_name (server, &host, &user, &passwd);
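Review bot: `retval` is declared without an initializer here and is the value tested after the lookup loop in the next hunk; that is only safe because the loop currently has no early exit, so `int retval = -1;` would keep the post-loop test well-defined if a `break` is ever added. `bufsizemax` on the line above is a hard cap with no comment saying what happens when it is reached (the loop stops and the lookup is reported as a failure); a note such as `/* Give up if the hostent needs more than this. */` would document that choice. lookup_server's body continues past this hunk.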
@@ -114,8 +117,17 @@ lookup_server (const char *server, struct ftp_conn_params **params, int *h_err)
thread could have inserted a duplicate entry for the same host name, but
this isn't really a problem, just annoying. */
- if (gethostbyname_r (host, &_he, hostent_data, sizeof hostent_data,
- &he, h_err) == 0)
+ do {
+ bufsize *= 2;
+ hostent_data = realloc(hostent_data, bufsize);
+ if (!hostent_data)
+ err = ENOMEM;
+ retval = gethostbyname_r (host, &_he, hostent_data, bufsize,
+ &he, h_err);
+ printf("retval %i\n", retval);
+ } while (!err && retval == ERANGE && bufsize < bufsizemax);
+
+ if (retval == 0 && he)
{
*params = malloc (sizeof (struct ftp_conn_params));
if (! *params)
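Review bot: When realloc fails the loop sets err to ENOMEM but does not leave, so gethostbyname_r is still called with hostent_data == NULL and a non-zero bufsize, and because the realloc result is assigned straight back to hostent_data the previous buffer is leaked (the later free sees NULL). The `printf("retval %i\n", retval);` line is leftover debugging output to stdout and should be dropped. The loop should keep the old pointer until realloc succeeds and break on failure, with the post-loop test guarded by `!err` so an uninitialized retval is never read; a lookup that still needs more than bufsizemax bytes falls through to the failure path below, which seems intended but deserves a comment. lookup_server's body continues past this hunk.
```c
  do {
    char *grown;
    bufsize *= 2;
    grown = realloc (hostent_data, bufsize);
    if (!grown)
      {
        err = ENOMEM;
        break;
      }
    hostent_data = grown;
    retval = gethostbyname_r (host, &_he, hostent_data, bufsize,
                              &he, h_err);
  } while (retval == ERANGE && bufsize < bufsizemax);

  if (!err && retval == 0 && he)
  /* … unchanged: allocation of *params … */
```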
@@ -143,6 +155,7 @@ lookup_server (const char *server, struct ftp_conn_params **params, int *h_err)
err = EINVAL;
free (host);
+ free (hostent_data);
if (err)
{
--
2.20.1