getservbyport_r: fix out-of-bounds buffer read

[musl] / src / network / getservbyport_r.c

diff --git a/src/network/getservbyport_r.c b/src/network/getservbyport_r.c
index a0a7cae..d3a22b8 100644 (file)
--- a/src/network/getservbyport_r.c
+++ b/src/network/getservbyport_r.c
@@ -5,6 +5,7 @@
 #include <inttypes.h>
 #include <errno.h>
 #include <string.h>
+#include <stdlib.h>
 
 int getservbyport_r(int port, const char *prots,
        struct servent *se, char *buf, size_t buflen, struct servent **res)
@@ -20,11 +21,12 @@ int getservbyport_r(int port, const char *prots,
                if (r) r = getservbyport_r(port, "udp", se, buf, buflen, res);
                return r;
        }
+       *res = 0;
 
        /* Align buffer */
        i = (uintptr_t)buf & sizeof(char *)-1;
        if (!i) i = sizeof(char *);
-       if (buflen < 3*sizeof(char *)-i)
+       if (buflen <= 3*sizeof(char *)-i)
                return ERANGE;
        buf += sizeof(char *)-i;
        buflen -= sizeof(char *)-i;
@@ -50,6 +52,9 @@ int getservbyport_r(int port, const char *prots,
                break;
        }
 
+       /* A numeric port string is not a service record. */
+       if (strtol(buf, 0, 10)==ntohs(port)) return ENOENT;
+
        *res = se;
        return 0;
 }