fix off-by-one in checking hostname length in new resolver backend

this bug was introduced in the recent resolver overhaul commits. it likely had visible symptoms. these were probably limited to wrongly accepting truncated versions of over-long names (vs rejecting them), as opposed to stack-based overflows or anything more severe, but no extensive checks were made. there have been no releases where this bug was present.

fix off-by-one in checking hostname length in new resolver backend
this bug was introduced in the recent resolver overhaul commits. it likely had visible symptoms. these were probably limited to wrongly accepting truncated versions of over-long names (vs rejecting them), as opposed to stack-based overflows or anything more severe, but no extensive checks were made. there have been no releases where this bug was present.
bb9af59b · Rich Felker · af7c308e · bb9af59b
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

src/network/lookup_name.c src/network/lookup_name.c +2 -2

未找到文件。
--- a/src/network/lookup_name.c
+++ b/src/network/lookup_name.c
@@ -14,7 +14,7 @@
 static int is_valid_hostname(const char *host)
 {
 	const unsigned char *s;
-	if (strnlen(host, 255)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
+	if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
 	for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
 	return !*s;
 }
@@ -119,7 +119,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
 	*canon = 0;
 	if (name) {
 		size_t l;
-		if ((l = strnlen(name, 255))-1 > 254)
+		if ((l = strnlen(name, 256))-1 > 254)
 			return EAI_NONAME;
 		memcpy(canon, name, l+1);
 	}