mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2025-01-13 13:17:36 +03:00
second part of the security fix for xmlNanoFTPConnect() and
* nanoftp.c nanohttp.c: second part of the security fix for xmlNanoFTPConnect() and xmlNanoHTTPConnectHost(). Daniel
This commit is contained in:
Daniel Veillard
parent
95ddcd3266
commit
8e2c9792e9
@ -1,3 +1,8 @@
|
|||||||
|
Wed Oct 27 11:44:35 CEST 2004 Daniel Veillard <daniel@veillard.com>
|
||||||
|
|
||||||
|
* nanoftp.c nanohttp.c: second part of the security fix for
|
||||||
|
xmlNanoFTPConnect() and xmlNanoHTTPConnectHost().
|
||||||
|
|
||||||
Tue Oct 26 23:57:02 CEST 2004 Daniel Veillard <daniel@veillard.com>
|
Tue Oct 26 23:57:02 CEST 2004 Daniel Veillard <daniel@veillard.com>
|
||||||
|
|
||||||
* nanoftp.c: applied fixes for a couple of potential security problems
|
* nanoftp.c: applied fixes for a couple of potential security problems
|
||||||
|
|||||||
12
nanoftp.c
12
nanoftp.c
@ -1106,9 +1106,13 @@ xmlNanoFTPConnect(void *ctx) {
|
|||||||
if (!tmp) {
|
if (!tmp) {
|
||||||
if (result)
|
if (result)
|
||||||
freeaddrinfo (result);
|
freeaddrinfo (result);
|
||||||
|
__xmlIOErr(XML_FROM_FTP, 0, "getaddrinfo failed");
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
if (tmp->ai_addrlen > sizeof(ctxt->ftpAddr)) {
|
||||||
|
__xmlIOErr(XML_FROM_FTP, 0, "gethostbyname address mismatch");
|
||||||
return (-1);
|
return (-1);
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
if (tmp->ai_family == AF_INET6) {
|
if (tmp->ai_family == AF_INET6) {
|
||||||
memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
|
memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
|
||||||
((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port);
|
((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port);
|
||||||
@ -1122,7 +1126,6 @@ xmlNanoFTPConnect(void *ctx) {
|
|||||||
addrlen = tmp->ai_addrlen;
|
addrlen = tmp->ai_addrlen;
|
||||||
freeaddrinfo (result);
|
freeaddrinfo (result);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
@ -1134,6 +1137,11 @@ xmlNanoFTPConnect(void *ctx) {
|
|||||||
__xmlIOErr(XML_FROM_FTP, 0, "gethostbyname failed");
|
__xmlIOErr(XML_FROM_FTP, 0, "gethostbyname failed");
|
||||||
return (-1);
|
return (-1);
|
||||||
}
|
}
|
||||||
|
if (hp->h_length >
|
||||||
|
sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
|
||||||
|
__xmlIOErr(XML_FROM_FTP, 0, "gethostbyname address mismatch");
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare the socket
|
* Prepare the socket
|
||||||
|
|||||||
18
nanohttp.c
18
nanohttp.c
@ -1072,11 +1072,21 @@ xmlNanoHTTPConnectHost(const char *host, int port)
|
|||||||
for (res = result; res; res = res->ai_next) {
|
for (res = result; res; res = res->ai_next) {
|
||||||
if (res->ai_family == AF_INET || res->ai_family == AF_INET6) {
|
if (res->ai_family == AF_INET || res->ai_family == AF_INET6) {
|
||||||
if (res->ai_family == AF_INET6) {
|
if (res->ai_family == AF_INET6) {
|
||||||
|
if (res->ai_addrlen > sizeof(sockin6)) {
|
||||||
|
__xmlIOErr(XML_FROM_HTTP, 0, "address size mismatch\n");
|
||||||
|
freeaddrinfo (result);
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
memcpy (&sockin6, res->ai_addr, res->ai_addrlen);
|
memcpy (&sockin6, res->ai_addr, res->ai_addrlen);
|
||||||
sockin6.sin6_port = htons (port);
|
sockin6.sin6_port = htons (port);
|
||||||
addr = (struct sockaddr *)&sockin6;
|
addr = (struct sockaddr *)&sockin6;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
if (res->ai_addrlen > sizeof(sockin)) {
|
||||||
|
__xmlIOErr(XML_FROM_HTTP, 0, "address size mismatch\n");
|
||||||
|
freeaddrinfo (result);
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
memcpy (&sockin, res->ai_addr, res->ai_addrlen);
|
memcpy (&sockin, res->ai_addr, res->ai_addrlen);
|
||||||
sockin.sin_port = htons (port);
|
sockin.sin_port = htons (port);
|
||||||
addr = (struct sockaddr *)&sockin;
|
addr = (struct sockaddr *)&sockin;
|
||||||
@ -1141,6 +1151,10 @@ xmlNanoHTTPConnectHost(const char *host, int port)
|
|||||||
for (i = 0; h->h_addr_list[i]; i++) {
|
for (i = 0; h->h_addr_list[i]; i++) {
|
||||||
if (h->h_addrtype == AF_INET) {
|
if (h->h_addrtype == AF_INET) {
|
||||||
/* A records (IPv4) */
|
/* A records (IPv4) */
|
||||||
|
if ((unsigned int) h->h_length > sizeof(ia)) {
|
||||||
|
__xmlIOErr(XML_FROM_HTTP, 0, "address size mismatch\n");
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
memcpy (&ia, h->h_addr_list[i], h->h_length);
|
memcpy (&ia, h->h_addr_list[i], h->h_length);
|
||||||
sockin.sin_family = h->h_addrtype;
|
sockin.sin_family = h->h_addrtype;
|
||||||
sockin.sin_addr = ia;
|
sockin.sin_addr = ia;
|
||||||
@ -1149,6 +1163,10 @@ xmlNanoHTTPConnectHost(const char *host, int port)
|
|||||||
#ifdef SUPPORT_IP6
|
#ifdef SUPPORT_IP6
|
||||||
} else if (have_ipv6 () && (h->h_addrtype == AF_INET6)) {
|
} else if (have_ipv6 () && (h->h_addrtype == AF_INET6)) {
|
||||||
/* AAAA records (IPv6) */
|
/* AAAA records (IPv6) */
|
||||||
|
if ((unsigned int) h->h_length > sizeof(ia6)) {
|
||||||
|
__xmlIOErr(XML_FROM_HTTP, 0, "address size mismatch\n");
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
memcpy (&ia6, h->h_addr_list[i], h->h_length);
|
memcpy (&ia6, h->h_addr_list[i], h->h_length);
|
||||||
sockin6.sin6_family = h->h_addrtype;
|
sockin6.sin6_family = h->h_addrtype;
|
||||||
sockin6.sin6_addr = ia6;
|
sockin6.sin6_addr = ia6;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user