mirror of
https://github.com/rofl0r/proxychains-ng
synced 2025-01-08 06:02:51 +08:00
fix bug which lead to segfault in ubuntu 12.04 telnet
it called gethostbyname and expected that the h->h_name was set. this code path here which gets only active if the passed name equals the gethostname() result failed to set a couple of values. additionally fixed usage of strncpy, which causes the entire memory buffer to be written, even when the string is much shorter. a similar bugfix was independently discovered by semion laptev, but my version is threadsafe - his version introduces a new static buffer, even though we have plenty of thread-safe space reserved exactly for this usage case, thus causing a regression.
This commit is contained in:
parent
c2c719e25d
commit
bddb79a286
@ -752,6 +752,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
|
||||
data->hostent_space.h_addr_list = data->resolved_addr_p;
|
||||
|
||||
data->resolved_addr = 0;
|
||||
data->hostent_space.h_addrtype = AF_INET;
|
||||
|
||||
gethostname(buff, sizeof(buff));
|
||||
|
||||
@ -759,11 +760,15 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
|
||||
data->resolved_addr = inet_addr(buff);
|
||||
if(data->resolved_addr == (in_addr_t) (-1))
|
||||
data->resolved_addr = (in_addr_t) (local_host.as_int);
|
||||
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
|
||||
data->hostent_space.h_name = data->addr_name;
|
||||
data->hostent_space.h_length = sizeof(in_addr_t);
|
||||
return &data->hostent_space;
|
||||
}
|
||||
|
||||
memset(buff, 0, sizeof(buff));
|
||||
|
||||
// FIXME this is not threadsafe
|
||||
while((hp = gethostent()))
|
||||
if(!strcmp(hp->h_name, name))
|
||||
return hp;
|
||||
@ -820,7 +825,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
|
||||
|
||||
MUTEX_UNLOCK(&internal_ips_lock);
|
||||
|
||||
strncpy(data->addr_name, name, sizeof(data->addr_name));
|
||||
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
|
||||
|
||||
data->hostent_space.h_name = data->addr_name;
|
||||
data->hostent_space.h_length = sizeof(in_addr_t);
|
||||
|
Loading…
Reference in New Issue
Block a user