prevent CNAME/PTR parsing from reading data past the response end

[musl] / src / stdio / __stdio_read.c

diff --git a/src/stdio/__stdio_read.c b/src/stdio/__stdio_read.c
index ee7e125..ea675da 100644 (file)
--- a/src/stdio/__stdio_read.c
+++ b/src/stdio/__stdio_read.c
@@ -1,6 +1,24 @@
 #include "stdio_impl.h"
+#include <sys/uio.h>
 
 size_t __stdio_read(FILE *f, unsigned char *buf, size_t len)
 {
-       return __syscall_read(f->fd, buf, len);
+       struct iovec iov[2] = {
+               { .iov_base = buf, .iov_len = len - !!f->buf_size },
+               { .iov_base = f->buf, .iov_len = f->buf_size }
+       };
+       ssize_t cnt;
+
+       cnt = iov[0].iov_len ? syscall(SYS_readv, f->fd, iov, 2)
+               : syscall(SYS_read, f->fd, iov[1].iov_base, iov[1].iov_len);
+       if (cnt <= 0) {
+               f->flags |= cnt ? F_ERR : F_EOF;
+               return 0;
+       }
+       if (cnt <= iov[0].iov_len) return cnt;
+       cnt -= iov[0].iov_len;
+       f->rpos = f->buf;
+       f->rend = f->buf + cnt;
+       if (f->buf_size) buf[len-1] = *f->rpos++;
+       return len;
 }