The attached patch fixes a bug in ares_parse_ptr_reply() which would cause a
buffer to shrink instead of expand if a reply contained 8 or more records. You
should be able to reproduce the bug by running "ahost 65.39.176.71".
Index: ares_parse_ptr_reply.c
===================================================================
RCS file: /cvsroot/curl/curl/ares/ares_parse_ptr_reply.c,v
retrieving revision 1.18
diff -b -u -r1.18 ares_parse_ptr_reply.c
--- ares_parse_ptr_reply.c 15 Nov 2008 23:07:35 -0000 1.18
+++ ares_parse_ptr_reply.c 25 Nov 2008 02:40:04 -0000
@@ -55,6 +55,7 @@
char *ptrname, *hostname, *rr_name, *rr_data;
struct hostent *hostent;
int aliascnt = 0;
+ int alias_alloc = 8;
char ** aliases;
/* Set *host to NULL for all failure cases. */
@@ -84,7 +85,7 @@
/* Examine each answer resource record (RR) in turn. */
hostname = NULL;
- aliases = malloc(8 * sizeof(char *));
+ aliases = malloc(alias_alloc * sizeof(char *));
if (!aliases)
{
free(ptrname);
@@ -125,9 +126,10 @@
}
strncpy(aliases[aliascnt], rr_data, strlen(rr_data)+1);
aliascnt++;
- if ((aliascnt%8)==0) {
+ if (aliascnt >= alias_alloc) {
char **ptr;
- ptr = realloc(aliases, (aliascnt/16+1) * sizeof(char *));
+ alias_alloc *= 2;
+ ptr = realloc(aliases, alias_alloc * sizeof(char *));
if(!ptr) {
status = ARES_ENOMEM;
break;
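Review bot: In the last hunk, `alias_alloc *= 2;` runs before the realloc() result is checked, so on the `if(!ptr)` path alias_alloc claims twice the capacity that `aliases` actually has, while aliascnt already equals the old capacity. I would request the larger size first, `ptr = realloc(aliases, (size_t)alias_alloc * 2 * sizeof(char *));`, and move `alias_alloc *= 2;` after the `if(!ptr)` check so the counter only changes once the block has grown. It is also worth a comment above the test, such as `/* keep aliascnt < alias_alloc so one slot stays free */`, because the old modulo and divide arithmetic shrank the array and let later `aliases[aliascnt]` stores land outside the heap block. The loop and the code that consumes `aliases` after the `break` are outside this hunk, so whether the failure path ever indexes `aliases[aliascnt]` or reads alias_alloc cannot be confirmed from here.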
Received on 2008-11-25