From 40141b3f3891e86541544848f65ea57fef41cedd Mon Sep 17 00:00:00 2001 From: Evgeny Ermakov Date: Thu, 6 Feb 2020 07:46:29 +1100 Subject: Fix possible use after free --- src/platform/posix/posix_resolv_gai.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/platform/posix') diff --git a/src/platform/posix/posix_resolv_gai.c b/src/platform/posix/posix_resolv_gai.c index a89c4623..5cec0570 100644 --- a/src/platform/posix/posix_resolv_gai.c +++ b/src/platform/posix/posix_resolv_gai.c @@ -257,13 +257,15 @@ resolv_ip(const char *host, const char *serv, int passive, int family, // NB: must remain valid until this is completed. So we have to // keep our own copy. - if (host == NULL) { - item->name = NULL; - - } else if (nni_strnlen(host, sizeof(item->name_buf)) >= + if (host != NULL && nni_strnlen(host, sizeof(item->name_buf)) >= sizeof(item->name_buf)) { NNI_FREE_STRUCT(item); nni_aio_finish_error(aio, NNG_EADDRINVAL); + return; + } + + if (host == NULL) { + item->name = NULL; } else { nni_strlcpy(item->name_buf, host, sizeof(item->name_buf)); item->name = item->name_buf; -- cgit v1.2.3-70-g09d2