1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
--- whois-4.7.2/whois.c
+++ whois-4.7.2/whois.c
@@ -76,7 +76,7 @@ int main(int argc, char *argv[])
/* RIPE flags */
if (strchr(ripeflags, ch)) {
for (p = fstring; *p; p++);
- sprintf(p--, "-%c ", ch);
+ snprintf(p--, sizeof(fstring), "-%c ", ch);
continue;
}
if (strchr(ripeflagsp, ch)) {
@@ -121,7 +121,7 @@ int main(int argc, char *argv[])
usage();
/* On some systems realloc only works on non-NULL buffers */
- qstring = malloc(64);
+ qstring = xmalloc(64);
*qstring = '\0';
/* parse other parameters, if any */
@@ -130,11 +130,11 @@ int main(int argc, char *argv[])
while (1) {
qslen += strlen(*argv) + 1 + 1;
- qstring = realloc(qstring, qslen);
- strcat(qstring, *argv++);
+ qstring = xrealloc(qstring, qslen);
+ strncat(qstring, *argv++, qslen-1);
if (argc == 1)
break;
- strcat(qstring, " ");
+ strncat(qstring, " ", qslen-1);
argc--;
}
}
@@ -428,8 +428,10 @@ char *queryformat(const char *server, co
char *buf;
int i, isripe = 0;
+ /* buflen was always 0 in original patch and buf was allocated twice /Aye */
/* 64 bytes reserved for server-specific flags added later */
- buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
+ int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
+ buf = xmalloc(buflen);
*buf = '\0';
for (i = 0; ripe_servers[i]; i++)
if (strcmp(server, ripe_servers[i]) == 0) {
@@ -442,7 +444,7 @@ char *queryformat(const char *server, co
if (*flags) {
if (!isripe && strcmp(server, "whois.corenic.net") != 0)
puts(_("Warning: RIPE flags used with a traditional server."));
- strcat(buf, flags);
+ strncat(buf, flags, buflen-1);
}
#ifdef HAVE_LIBIDN
@@ -451,21 +453,21 @@ char *queryformat(const char *server, co
*/
if (isripe && strcmp(server, "whois.denic.de") == 0 && domcmp(query, ".de")
&& !strchr(query, ' ') && !*flags)
- sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
+ snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
else
#endif
if (!isripe && (strcmp(server, "whois.nic.mil") == 0 ||
strcmp(server, "whois.nic.ad.jp") == 0) &&
strncasecmp(query, "AS", 2) == 0 && isasciidigit(query[2]))
/* FIXME: /e is not applied to .JP ASN */
- sprintf(buf, "AS %s", query + 2); /* fix query for DDN */
+ snprintf(buf, buflen-1, "AS %s", query + 2); /* fix query for DDN */
else if (!isripe && (strcmp(server, "whois.nic.ad.jp") == 0 ||
strcmp(server, "whois.jprs.jp") == 0)) {
char *lang = getenv("LANG"); /* not a perfect check, but... */
if (!lang || (strncmp(lang, "ja", 2) != 0))
- sprintf(buf, "%s/e", query); /* ask for english text */
+ snprintf(buf, buflen-1, "%s/e", query); /* ask for english text */
else
- strcat(buf, query);
+ strncat(buf, query, buflen-1);
} else
strcat(buf, query);
return buf;
@@ -533,7 +535,7 @@ const char *do_query(const int sock, con
if (sscanf(buf, REFERTO_FORMAT, nh, np, nq) == 3) {
/* XXX we are ignoring the new query string */
- referral_server = malloc(300);
+ referral_server = xmalloc(300);
sprintf(referral_server, "%s:%s", nh, np);
}
}
@@ -582,7 +584,7 @@ const char *query_crsnic(const int sock,
int hide = hide_discl;
int state = 0;
- temp = malloc(strlen(query) + 1 + 2 + 1);
+ temp = xmalloc(strlen(query) + 1 + 2 + 1);
*temp = '=';
strcpy(temp + 1, query);
strcat(temp, "\r\n");
@@ -600,7 +602,7 @@ const char *query_crsnic(const int sock,
for (p = buf; *p != ':'; p++); /* skip until colon */
for (p++; *p == ' '; p++); /* skip colon and spaces */
- ret = malloc(strlen(p) + 1);
+ ret = xmalloc(strlen(p) + 1);
for (q = ret; *p != '\n' && *p != '\r' && *p != ' '; *q++ = *p++)
; /*copy data*/
*q = '\0';
@@ -625,7 +627,7 @@ const char *query_pir(const int sock, co
int hide = hide_discl;
int state = 0;
- temp = malloc(strlen(query) + 5 + 2 + 1);
+ temp = xmalloc(strlen(query) + 5 + 2 + 1);
strcpy(temp, "FULL ");
strcat(temp, query);
strcat(temp, "\r\n");
@@ -646,7 +648,7 @@ const char *query_pir(const int sock, co
for (p = buf; *p != ':'; p++); /* skip until colon */
for (p++; *p != ':'; p++); /* skip until 2nd colon */
for (p++; *p == ' '; p++); /* skip colon and spaces */
- ret = malloc(strlen(p) + 1);
+ ret = xmalloc(strlen(p) + 1);
for (q = ret; *p != '\n' && *p != '\r'; *q++ = *p++); /*copy data*/
*q = '\0';
state = 2;
@@ -785,7 +787,7 @@ void split_server_port(const char *const
char *convert_6to4(const char *s)
{
- char *new = malloc(sizeof("255.255.255.255"));
+ char *new = xmalloc(sizeof("255.255.255.255"));
unsigned int a, b;
if (sscanf(s, "2002:%x:%x:", &a, &b) != 2)
@@ -848,6 +850,21 @@ void usage(void)
exit(0);
}
+/* Memory allocation routines */
+void *xmalloc(size_t size)
+{
+ void *ptr;
+ if ((ptr = malloc(size)) == NULL)
+ err_sys("malloc");
+ return ptr;
+}
+
+void *xrealloc(void *ptr, size_t size)
+{
+ if ((ptr = realloc(ptr, size)) == NULL)
+ err_sys("realloc");
+ return ptr;
+}
/* Error routines */
void err_sys(const char *fmt, ...)
--- whois-4.7.2/whois.h
+++ whois-4.7.2/whois.h
@@ -32,6 +32,8 @@ const char *handle_query(const char *ser
void split_server_port(const char *const input, const char **server,
const char **port);
+void *xmalloc(size_t);
+void *xrealloc(void *, size_t);
void err_quit(const char *,...);
void err_sys(const char *,...);
|
GitWeb