[krbdev.mit.edu #2759] fake-getaddrinfo.h incorrectly checks for gethostbyname_r errors

[The RT System itself via RT]

>From krb5-bugs-incoming-bounces at mit.edu  Tue Nov  2 13:29:01 2004
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
	id NAA01452; Tue, 2 Nov 2004 13:29:01 -0500 (EST)
Received: from pch.mit.edu (localhost [127.0.0.1])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id iA2IT1Xn026901
	for <krb5-send-pr at krbdev.mit.edu>; Tue, 2 Nov 2004 13:29:01 -0500 (EST)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	[18.7.7.76])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id iA20QoXn001189
	for <krb5-bugs-incoming at PCH.mit.edu>;
	Mon, 1 Nov 2004 19:26:50 -0500 (EST)
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	iA20QnfS011246
	for <krb5-bugs at mit.edu>; Mon, 1 Nov 2004 19:26:49 -0500 (EST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	[172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id iA20Qm2W022293
	for <krb5-bugs at mit.edu>; Mon, 1 Nov 2004 19:26:48 -0500
Received: from devserv.devel.redhat.com (devserv.devel.redhat.com
	[172.16.58.1])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id iA20Qhr03050
	for <krb5-bugs at mit.edu>; Mon, 1 Nov 2004 19:26:43 -0500
Received: from axe.boston.redhat.com (axe.boston.redhat.com [172.16.80.51])
	iA20QeT5000611
	for <krb5-bugs at mit.edu>; Mon, 1 Nov 2004 19:26:40 -0500
Received: from axe.boston.redhat.com (localhost.localdomain [127.0.0.1])
	by axe.boston.redhat.com (8.13.1/8.13.1) with ESMTP id iA20F3Yp015843
	for <krb5-bugs at mit.edu>; Mon, 1 Nov 2004 19:15:03 -0500
Received: (from nalin at localhost)
	by axe.boston.redhat.com (8.13.1/8.13.1/Submit) id iA20F3xD015842;
	Mon, 1 Nov 2004 19:15:03 -0500
Date: Mon, 1 Nov 2004 19:15:03 -0500
Message-Id: <200411020015.iA20F3xD015842 at axe.boston.redhat.com>
To: krb5-bugs at mit.edu
From: nalin at redhat.com
X-send-pr-version: 3.99
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Tue, 02 Nov 2004 13:29:00 -0500
Subject: error checking result of gethostbyname_r
X-BeenThere: krb5-bugs-incoming at mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: nalin at redhat.com
Sender: krb5-bugs-incoming-bounces at mit.edu
Errors-To: krb5-bugs-incoming-bounces at mit.edu

>Submitter-Id:	net
>Originator:	Nalin Dahyabhai
>Organization:
>Confidential:	no
>Synopsis:	fake-getaddrinfo.h incorrectly checks for gethostbyname_r errors
>Severity:	serious
>Priority:	medium
>Category:	krb5-appl
>Class:		sw-bug
>Release:	krb5-1.3.4
>Environment:
	
System: Linux axe.boston.redhat.com 2.6.8-1.624smp #1 SMP Thu Oct 14 21:16:29 EDT 2004 i686 i686 i386 GNU/Linux
Architecture: i686

>Description:
	When GETHOSTBYNAME_R_RETURNS_INT is set by configure, the current
	implementation of GET_HOST_BY_NAME checks for errors from
	gethostbyname_r by checking its result code.  An error has also
	occurred if my_hp has not been set to point to my_h_ent.
>How-To-Repeat:
	On my setup, configuring a host with only an IPv6 address in
	/etc/hosts was enough to trigger the bug.
>Fix:
	In addition to checking if the numeric result returned by
	gethostbyname_r is non-zero, check that my_hp has been set to
	point to my_h_ent.  Suggested patch:

--- src/include/fake-addrinfo.h	2004-09-02 18:59:42.000000000 -0400
+++ src/include/fake-addrinfo.h	2004-11-01 19:17:30.127252336 -0500
@@ -187,24 +187,27 @@ extern /*@dependent@*/ char *gai_strerro
 #ifdef GETHOSTBYNAME_R_RETURNS_INT
 #define GET_HOST_BY_NAME(NAME, HP, ERR) \
     {									\
-	struct hostent my_h_ent, *my_hp;				\
-	int my_h_err;							\
+	struct hostent my_h_ent, *my_hp = NULL;				\
+	int my_h_err, my_ret;						\
 	char my_h_buf[8192];						\
-	(HP) = (gethostbyname_r((NAME), &my_h_ent,			\
-				my_h_buf, sizeof (my_h_buf), &my_hp,	\
-				&my_h_err)				\
+	my_ret = (gethostbyname_r((NAME), &my_h_ent,			\
+				  my_h_buf, sizeof (my_h_buf), &my_hp,	\
+				  &my_h_err));				\
+	(HP) = (((my_ret != 0) || (my_hp != &my_h_ent))			\
 		? 0							\
 		: &my_h_ent);						\
 	(ERR) = my_h_err;						\
     }
 #define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \
     {									\
-	struct hostent my_h_ent, *my_hp;				\
-	int my_h_err;							\
+	struct hostent my_h_ent, *my_hp = NULL;				\
+	int my_h_err, my_ret;						\
 	char my_h_buf[8192];						\
-	(HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent,	\
-				my_h_buf, sizeof (my_h_buf), &my_hp,	\
-				&my_h_err)				\
+	my_ret = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY),		\
+				  &my_h_ent,				\
+				  my_h_buf, sizeof (my_h_buf), &my_hp,	\
+				  &my_h_err));				\
+	(HP) = (((my_ret != 0) || (my_hp != &my_h_ent))			\
 		? 0							\
 		: &my_h_ent);						\
 	(ERR) = my_h_err;						\