fix rejection of dns responses with pointers past 512 byte offset

[musl] / src / passwd / nscd_query.c

diff --git a/src/passwd/nscd_query.c b/src/passwd/nscd_query.c
index 69a7815..dc3406b 100644 (file)
--- a/src/passwd/nscd_query.c
+++ b/src/passwd/nscd_query.c
@@ -32,6 +32,7 @@ FILE *__nscd_query(int32_t req, const char *key, int32_t *buf, size_t len, int *
                },
                .msg_iovlen = 2
        };
+       int errno_save = errno;
 
        *swap = 0;
 retry:
@@ -39,7 +40,15 @@ retry:
        buf[0] = NSCDVERSION;
 
        fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
-       if (fd < 0) return NULL;
+       if (fd < 0) {
+               if (errno == EAFNOSUPPORT) {
+                       f = fopen("/dev/null", "re");
+                       if (f)
+                               errno = errno_save;
+                       return f;
+               }
+               return 0;
+       }
 
        if(!(f = fdopen(fd, "r"))) {
                close(fd);
@@ -50,11 +59,14 @@ retry:
                return f;
 
        if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
-               /* If there isn't a running nscd we return -1 to indicate that
-                * that is precisely what happened
-                */
-               if (errno == EACCES || errno == ECONNREFUSED || errno == ENOENT)
+               /* If there isn't a running nscd we simulate a "not found"
+                * result and the caller is responsible for calling
+                * fclose on the (unconnected) socket. The value of
+                * errno must be left unchanged in this case.  */
+               if (errno == EACCES || errno == ECONNREFUSED || errno == ENOENT) {
+                       errno = errno_save;
                        return f;
+               }
                goto error;
        }