From 7f2863196fae628786938b3ea6e90fcc1aeab179 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 1 May 2018 15:52:35 +1000 Subject: [PATCH 1/3] check that order is non NULL before calling strtok_r --- lib/irs/getaddrinfo.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/lib/irs/getaddrinfo.c b/lib/irs/getaddrinfo.c index ed62c391b6..e67f9bbbfe 100644 --- a/lib/irs/getaddrinfo.c +++ b/lib/irs/getaddrinfo.c @@ -9,8 +9,6 @@ * information regarding copyright ownership. */ -/* $Id: getaddrinfo.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */ - /*! \file */ /** @@ -1070,22 +1068,24 @@ set_order(int family, int (**net_order)(const char *, int, struct addrinfo **, } else { order = getenv("NET_ORDER"); found = 0; - last = NULL; - for (tok = strtok_r(order, ":", &last); - tok; - tok = strtok_r(NULL, ":", &last)) - { - if (strcasecmp(tok, "inet6") == 0) { - if ((found & FOUND_IPV6) == 0) { - *net_order++ = add_ipv6; + if (order != NULL) { + last = NULL; + for (tok = strtok_r(order, ":", &last); + tok; + tok = strtok_r(NULL, ":", &last)) + { + if (strcasecmp(tok, "inet6") == 0) { + if ((found & FOUND_IPV6) == 0) { + *net_order++ = add_ipv6; + } + found |= FOUND_IPV6; + } else if (strcasecmp(tok, "inet") == 0 || + strcasecmp(tok, "inet4") == 0) { + if ((found & FOUND_IPV4) == 0) { + *net_order++ = add_ipv4; + } + found |= FOUND_IPV4; } - found |= FOUND_IPV6; - } else if (strcasecmp(tok, "inet") == 0 || - strcasecmp(tok, "inet4") == 0) { - if ((found & FOUND_IPV4) == 0) { - *net_order++ = add_ipv4; - } - found |= FOUND_IPV4; } } From 8801c65a4b411616473b27e349b50446f59f2d98 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 1 May 2018 16:03:46 +1000 Subject: [PATCH 2/3] insist option != NULL and initalise last to NULL --- bin/delv/delv.c | 4 +++- bin/dig/dig.c | 4 +++- bin/tools/mdig.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/bin/delv/delv.c b/bin/delv/delv.c index 2e338e3b45..38af967357 100644 --- a/bin/delv/delv.c +++ b/bin/delv/delv.c @@ -962,9 +962,11 @@ parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max, static void plus_option(char *option) { isc_result_t result; - char *cmd, *value, *last; + char *cmd, *value, *last = NULL; isc_boolean_t state = ISC_TRUE; + INSIST(option != NULL); + cmd = strtok_r(option, "=", &last); if (cmd == NULL) { printf(";; Invalid option %s\n", option); diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 4546e43e31..197718e8a4 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -735,11 +735,13 @@ plus_option(char *option, isc_boolean_t is_batchfile, dig_lookup_t *lookup) { isc_result_t result; - char *cmd, *value, *last, *code, *extra; + char *cmd, *value, *last = NULL, *code, *extra; isc_uint32_t num; isc_boolean_t state = ISC_TRUE; size_t n; + INSIST(option != NULL); + if ((cmd = strtok_r(option, "=", &last)) == NULL) { printf(";; Invalid option %s\n", option); return; diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c index a915ec1e4a..3b4c067c75 100644 --- a/bin/tools/mdig.c +++ b/bin/tools/mdig.c @@ -1025,11 +1025,13 @@ static void plus_option(char *option, struct query *query, isc_boolean_t global) { isc_result_t result; - char *cmd, *value, *last, *code; + char *cmd, *value, *last = NULL, *code; isc_uint32_t num; isc_boolean_t state = ISC_TRUE; size_t n; + INSIST(option != NULL); + if ((cmd = strtok_r(option, "=", &last)) == NULL) { printf(";; Invalid option %s\n", option); return; From 5613c3441f1ab9ae37c9bf597a111a70662d5693 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 1 May 2018 16:05:01 +1000 Subject: [PATCH 3/3] if _headers is NULL don't process If-Modified-Since --- bin/named/statschannel.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 8e89196fcf..47f7faa68b 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -3122,6 +3122,10 @@ render_xsl(const char *url, isc_httpdurl_t *urlinfo, const char *if_modified_since = "If-Modified-Since: "; _headers = strdup(headers); + if (_headers == NULL) { + goto send; + } + saveptr = NULL; for (line = strtok_r(_headers, "\n", &saveptr); line;