From d5dd6189d506068ed11c8bfa1e1e9bffde04decd Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Mon, 21 Jan 2013 17:41:28 +0100
Subject: [PATCH] Fix parsing of numeric hosts in gethostbyname_r

---
 ChangeLog              | 14 ++++++++++
 NEWS                   | 12 ++++-----
 nss/Makefile           |  2 +-
 nss/digits_dots.c      | 73 ++++++++++++++------------------------------------
 nss/getXXbyYY_r.c      |  5 +++-
 nss/test-digits-dots.c | 38 ++++++++++++++++++++++++++
 6 files changed, 83 insertions(+), 61 deletions(-)
 create mode 100644 nss/test-digits-dots.c

diff --git a/ChangeLog b/ChangeLog
index c3b540135d..61377cc3bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2013-05-21  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #15014]
+	* nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME))
+	[HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was
+	successful.
+	* nss/digits_dots.c (__nss_hostname_digits_dots): Remove
+	redundant variable declarations and reallocation of buffer when
+	parsing as IPv6 address.  Always set NSS status when called from
+	reentrant functions.  Use NETDB_INTERNAL instead of TRY_AGAIN when
+	buffer too small.  Correct computation of needed size.
+	* nss/Makefile (tests): Add test-digits-dots.
+	* nss/test-digits-dots.c: New test.
+
 2013-05-21  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
 	* benchtests/Makefile: Remove instructions for adding
diff --git a/NEWS b/NEWS
index b6efba48b0..420c31e696 100644
--- a/NEWS
+++ b/NEWS
@@ -13,12 +13,12 @@ Version 2.18
   12723, 13550, 13889, 13951, 13988, 14142, 14176, 14200, 14280, 14293,
   14317, 14327, 14478, 14496, 14582, 14686, 14812, 14888, 14908, 14920,
   14952, 14964, 14981, 14982, 14985, 14994, 14996, 15000, 15003, 15006,
-  15007, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084, 15085,
-  15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287, 15304,
-  15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15342, 15346,
-  15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406, 15409, 15416,
-  15418, 15419, 15423, 15424, 15426, 15429, 15442, 15448, 15480, 15485,
-  15488, 15490, 15493, 15497.
+  15007, 15014, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084,
+  15085, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287,
+  15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15342,
+  15346, 15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406, 15409,
+  15416, 15418, 15419, 15423, 15424, 15426, 15429, 15442, 15448, 15480,
+  15485, 15488, 15490, 15493, 15497.
 
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
   #15078).
diff --git a/nss/Makefile b/nss/Makefile
index 449a258f8f..553eafaa6b 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -37,7 +37,7 @@ install-bin             := getent makedb
 makedb-modules = xmalloc hash-string
 extra-objs		+= $(makedb-modules:=.o)
 
-tests			= test-netdb tst-nss-test1
+tests			= test-netdb tst-nss-test1 test-digits-dots
 xtests			= bug-erange
 
 include ../Makeconfig
diff --git a/nss/digits_dots.c b/nss/digits_dots.c
index 2b862956e9..e007ef47a4 100644
--- a/nss/digits_dots.c
+++ b/nss/digits_dots.c
@@ -46,7 +46,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
     {
       if (h_errnop)
 	*h_errnop = NETDB_INTERNAL;
-      *result = NULL;
+      if (buffer_size == NULL)
+	*status = NSS_STATUS_TRYAGAIN;
+      else
+	*result = NULL;
       return -1;
     }
 
@@ -83,14 +86,16 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 	}
 
       size_needed = (sizeof (*host_addr)
-		     + sizeof (*h_addr_ptrs) + strlen (name) + 1);
+		     + sizeof (*h_addr_ptrs)
+		     + sizeof (*h_alias_ptr) + strlen (name) + 1);
 
       if (buffer_size == NULL)
         {
 	  if (buflen < size_needed)
 	    {
+	      *status = NSS_STATUS_TRYAGAIN;
 	      if (h_errnop != NULL)
-		*h_errnop = TRY_AGAIN;
+		*h_errnop = NETDB_INTERNAL;
 	      __set_errno (ERANGE);
 	      goto done;
 	    }
@@ -109,7 +114,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 	      *buffer_size = 0;
 	      __set_errno (save);
 	      if (h_errnop != NULL)
-		*h_errnop = TRY_AGAIN;
+		*h_errnop = NETDB_INTERNAL;
 	      *result = NULL;
 	      goto done;
 	    }
@@ -149,7 +154,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 		  if (! ok)
 		    {
 		      *h_errnop = HOST_NOT_FOUND;
-		      if (buffer_size)
+		      if (buffer_size == NULL)
+			*status = NSS_STATUS_NOTFOUND;
+		      else
 			*result = NULL;
 		      goto done;
 		    }
@@ -190,7 +197,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 		  if (buffer_size == NULL)
 		    *status = NSS_STATUS_SUCCESS;
 		  else
-		   *result = resbuf;
+		    *result = resbuf;
 		  goto done;
 		}
 
@@ -201,15 +208,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 
       if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
 	{
-	  const char *cp;
-	  char *hostname;
-	  typedef unsigned char host_addr_t[16];
-	  host_addr_t *host_addr;
-	  typedef char *host_addr_list_t[2];
-	  host_addr_list_t *h_addr_ptrs;
-	  size_t size_needed;
-	  int addr_size;
-
 	  switch (af)
 	    {
 	    default:
@@ -225,7 +223,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 	      /* This is not possible.  We cannot represent an IPv6 address
 		 in an `struct in_addr' variable.  */
 	      *h_errnop = HOST_NOT_FOUND;
-	      *result = NULL;
+	      if (buffer_size == NULL)
+		*status = NSS_STATUS_NOTFOUND;
+	      else
+		*result = NULL;
 	      goto done;
 
 	    case AF_INET6:
@@ -233,42 +234,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 	      break;
 	    }
 
-	  size_needed = (sizeof (*host_addr)
-			 + sizeof (*h_addr_ptrs) + strlen (name) + 1);
-
-	  if (buffer_size == NULL && buflen < size_needed)
-	    {
-	      if (h_errnop != NULL)
-		*h_errnop = TRY_AGAIN;
-	      __set_errno (ERANGE);
-	      goto done;
-	    }
-	  else if (buffer_size != NULL && *buffer_size < size_needed)
-	    {
-	      char *new_buf;
-	      *buffer_size = size_needed;
-	      new_buf = realloc (*buffer, *buffer_size);
-
-	      if (new_buf == NULL)
-		{
-		  save = errno;
-		  free (*buffer);
-		  __set_errno (save);
-		  *buffer = NULL;
-		  *buffer_size = 0;
-		  *result = NULL;
-		  goto done;
-		}
-	      *buffer = new_buf;
-	    }
-
-	  memset (*buffer, '\0', size_needed);
-
-	  host_addr = (host_addr_t *) *buffer;
-	  h_addr_ptrs = (host_addr_list_t *)
-	    ((char *) host_addr + sizeof (*host_addr));
-	  hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
-
 	  for (cp = name;; ++cp)
 	    {
 	      if (!*cp)
@@ -281,7 +246,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 		  if (inet_pton (AF_INET6, name, host_addr) <= 0)
 		    {
 		      *h_errnop = HOST_NOT_FOUND;
-		      if (buffer_size)
+		      if (buffer_size == NULL)
+			*status = NSS_STATUS_NOTFOUND;
+		      else
 			*result = NULL;
 		      goto done;
 		    }
diff --git a/nss/getXXbyYY_r.c b/nss/getXXbyYY_r.c
index 1067744d63..44d00f4bcf 100644
--- a/nss/getXXbyYY_r.c
+++ b/nss/getXXbyYY_r.c
@@ -179,6 +179,9 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer,
     case -1:
       return errno;
     case 1:
+#ifdef NEED_H_ERRNO
+      any_service = true;
+#endif
       goto done;
     }
 #endif
@@ -288,7 +291,7 @@ done:
     /* Either we failed to lookup the functions or the functions themselves
        had a system error.  Set NETDB_INTERNAL here to let the caller know
        that the errno may have the real reason for failure.  */
-      *h_errnop = NETDB_INTERNAL;
+    *h_errnop = NETDB_INTERNAL;
   else if (status != NSS_STATUS_SUCCESS && !any_service)
     /* We were not able to use any service.  */
     *h_errnop = NO_RECOVERY;
diff --git a/nss/test-digits-dots.c b/nss/test-digits-dots.c
new file mode 100644
index 0000000000..1efa3449a3
--- /dev/null
+++ b/nss/test-digits-dots.c
@@ -0,0 +1,38 @@
+/* Copyright (C) 2013 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* Testcase for BZ #15014 */
+
+#include <stdlib.h>
+#include <netdb.h>
+#include <errno.h>
+
+static int
+do_test (void)
+{
+  char buf[32];
+  struct hostent *result = NULL;
+  struct hostent ret;
+  int h_err = 0;
+  int err;
+
+  err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
+  return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
-- 
2.11.4.GIT