From 11855a65c4d9e3e458c86e459662e0c8ce30da9c Mon Sep 17 00:00:00 2001 From: Brad House Date: Tue, 7 May 2024 12:25:02 -0400 Subject: [PATCH] ares_getnameinfo(): loosen validation on salen salen validation should be greater than or equal to the required storage size. Its not uncommon to use `struct sockaddr_storage` in modern code which is definitely larger than `struct sockaddr_in` and on some systems even larger than `struct sockaddr_in6`. Fixes Issue: #752 Fix By: Brad House (@bradh352) --- src/lib/ares_getnameinfo.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lib/ares_getnameinfo.c b/src/lib/ares_getnameinfo.c index 8889e9ee..f4f76bef 100644 --- a/src/lib/ares_getnameinfo.c +++ b/src/lib/ares_getnameinfo.c @@ -98,11 +98,12 @@ static void ares_getnameinfo_int(ares_channel_t *channel, unsigned int flags = (unsigned int)flags_int; /* Validate socket address family and length */ - if ((sa->sa_family == AF_INET) && (salen == sizeof(struct sockaddr_in))) { + if (sa && sa->sa_family == AF_INET && + salen >= sizeof(struct sockaddr_in)) { addr = CARES_INADDR_CAST(struct sockaddr_in *, sa); port = addr->sin_port; - } else if ((sa->sa_family == AF_INET6) && - (salen == sizeof(struct sockaddr_in6))) { + } else if (sa && sa->sa_family == AF_INET6 && + salen >= sizeof(struct sockaddr_in6)) { addr6 = CARES_INADDR_CAST(struct sockaddr_in6 *, sa); port = addr6->sin6_port; } else {