1
0
mirror of https://github.com/rofl0r/proxychains-ng synced 2025-01-08 06:02:51 +08:00

fix bug which lead to segfault in ubuntu 12.04 telnet

it called gethostbyname and expected that the h->h_name was set.

this code path here which gets only active if the passed name
equals the gethostname() result failed to set a couple of values.

additionally fixed usage of strncpy, which causes the entire
memory buffer to be written, even when the string is much shorter.

a similar bugfix was independently discovered by semion laptev, but my
version is threadsafe - his version introduces a new static buffer,
even though we have plenty of thread-safe space reserved exactly
for this usage case, thus causing a regression.
This commit is contained in:
rofl0r 2012-11-04 01:00:47 +01:00
parent c2c719e25d
commit bddb79a286

View File

@ -752,6 +752,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
data->hostent_space.h_addr_list = data->resolved_addr_p;
data->resolved_addr = 0;
data->hostent_space.h_addrtype = AF_INET;
gethostname(buff, sizeof(buff));
@ -759,11 +760,15 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
data->resolved_addr = inet_addr(buff);
if(data->resolved_addr == (in_addr_t) (-1))
data->resolved_addr = (in_addr_t) (local_host.as_int);
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
data->hostent_space.h_name = data->addr_name;
data->hostent_space.h_length = sizeof(in_addr_t);
return &data->hostent_space;
}
memset(buff, 0, sizeof(buff));
// FIXME this is not threadsafe
while((hp = gethostent()))
if(!strcmp(hp->h_name, name))
return hp;
@ -820,7 +825,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
MUTEX_UNLOCK(&internal_ips_lock);
strncpy(data->addr_name, name, sizeof(data->addr_name));
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
data->hostent_space.h_name = data->addr_name;
data->hostent_space.h_length = sizeof(in_addr_t);