mirror of
https://github.com/rofl0r/proxychains-ng.git
synced 2025-01-05 23:28:52 +00:00
fix bug which lead to segfault in ubuntu 12.04 telnet
it called gethostbyname and expected that h->h_name was set. this code path, which only becomes active if the passed name equals the gethostname() result, failed to set a couple of values. additionally fixed usage of strncpy, which causes the entire memory buffer to be written, even when the string is much shorter. a similar bugfix was independently discovered by semion laptev, but my version is threadsafe - his version introduces a new static buffer, even though we have plenty of thread-safe space reserved exactly for this use case, thus causing a regression.
parent
c2c719e25d
commit
bddb79a286
@ -752,6 +752,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
|
|||||||
data->hostent_space.h_addr_list = data->resolved_addr_p;
|
data->hostent_space.h_addr_list = data->resolved_addr_p;
|
||||||
|
|
||||||
data->resolved_addr = 0;
|
data->resolved_addr = 0;
|
||||||
|
data->hostent_space.h_addrtype = AF_INET;
|
||||||
|
|
||||||
gethostname(buff, sizeof(buff));
|
gethostname(buff, sizeof(buff));
|
||||||
|
|
||||||
@ -759,11 +760,15 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
|
|||||||
data->resolved_addr = inet_addr(buff);
|
data->resolved_addr = inet_addr(buff);
|
||||||
if(data->resolved_addr == (in_addr_t) (-1))
|
if(data->resolved_addr == (in_addr_t) (-1))
|
||||||
data->resolved_addr = (in_addr_t) (local_host.as_int);
|
data->resolved_addr = (in_addr_t) (local_host.as_int);
|
||||||
|
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
|
||||||
|
data->hostent_space.h_name = data->addr_name;
|
||||||
|
data->hostent_space.h_length = sizeof(in_addr_t);
|
||||||
return &data->hostent_space;
|
return &data->hostent_space;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(buff, 0, sizeof(buff));
|
memset(buff, 0, sizeof(buff));
|
||||||
|
|
||||||
|
// FIXME this is not threadsafe
|
||||||
while((hp = gethostent()))
|
while((hp = gethostent()))
|
||||||
if(!strcmp(hp->h_name, name))
|
if(!strcmp(hp->h_name, name))
|
||||||
return hp;
|
return hp;
|
||||||
@ -820,7 +825,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
|
|||||||
|
|
||||||
MUTEX_UNLOCK(&internal_ips_lock);
|
MUTEX_UNLOCK(&internal_ips_lock);
|
||||||
|
|
||||||
strncpy(data->addr_name, name, sizeof(data->addr_name));
|
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
|
||||||
|
|
||||||
data->hostent_space.h_name = data->addr_name;
|
data->hostent_space.h_name = data->addr_name;
|
||||||
data->hostent_space.h_length = sizeof(in_addr_t);
|
data->hostent_space.h_length = sizeof(in_addr_t);
|
||||||
|
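Review bot: The local-hostname early return now fills h_name, h_length and h_addrtype, but nothing visible in these hunks sets `h_aliases`, so a caller that walks the alias list could still dereference an unset pointer the same way telnet did with h_name. proxy_gethostbyname starts above the first hunk, so this may already be handled there; if it is not, point `h_aliases` at a NULL-terminated empty list held in `data` in both paths that fill `hostent_space`. Separately, the result of `snprintf(data->addr_name, sizeof(data->addr_name), "%s", name)` is ignored in both places, so a name longer than the buffer ends up silently truncated in h_name. Storing the result in an int `n` and checking `if (n < 0 || (size_t)n >= sizeof(data->addr_name))` would let the function fail cleanly instead of returning a hostent for a different name.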