getservbyport_r: fix out-of-bounds buffer read

[musl] / src / network / gethostbyname2_r.c

diff --git a/src/network/gethostbyname2_r.c b/src/network/gethostbyname2_r.c
index 81f71d2..a5eb67f 100644 (file)
--- a/src/network/gethostbyname2_r.c
+++ b/src/network/gethostbyname2_r.c
@@ -22,7 +22,10 @@ int gethostbyname2_r(const char *name, int af,
        if (cnt<0) switch (cnt) {
        case EAI_NONAME:
                *err = HOST_NOT_FOUND;
-               return ENOENT;
+               return 0;
+       case EAI_NODATA:
+               *err = NO_DATA;
+               return 0;
        case EAI_AGAIN:
                *err = TRY_AGAIN;
                return EAGAIN;
@@ -30,12 +33,9 @@ int gethostbyname2_r(const char *name, int af,
        case EAI_FAIL:
                *err = NO_RECOVERY;
                return EBADMSG;
-       case EAI_MEMORY:
        case EAI_SYSTEM:
                *err = NO_RECOVERY;
                return errno;
-       case 0:
-               break;
        }
 
        h->h_addrtype = af;
@@ -58,6 +58,13 @@ int gethostbyname2_r(const char *name, int af,
        h->h_addr_list = (void *)buf;
        buf += (cnt+1)*sizeof(char *);
 
+       for (i=0; i<cnt; i++) {
+               h->h_addr_list[i] = (void *)buf;
+               buf += h->h_length;
+               memcpy(h->h_addr_list[i], addrs[i].addr, h->h_length);
+       }
+       h->h_addr_list[i] = 0;
+
        h->h_name = h->h_aliases[0] = buf;
        strcpy(h->h_name, canon);
        buf += strlen(h->h_name)+1;
@@ -70,13 +77,6 @@ int gethostbyname2_r(const char *name, int af,
 
        h->h_aliases[2] = 0;
 
-       for (i=0; i<cnt; i++) {
-               h->h_addr_list[i] = (void *)buf;
-               buf += h->h_length;
-               memcpy(h->h_addr_list[i], addrs[i].addr, h->h_length);
-       }
-       h->h_addr_list[i] = 0;
-
        *res = h;
        return 0;
 }