diff options
| author | cdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-07 01:13:28 +0000 |
|---|---|---|
| committer | cdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-07 01:13:28 +0000 |
| commit | 3eac24a2b4c9438196899e62ac2f3ae5f03ba039 (patch) | |
| tree | 6deb5084bd8667b7776ad8001c81dfb9d483d11e /net | |
| parent | 8df162ae8daedfa09971f7b59420212df505a2b7 (diff) | |
| download | chromium_src-3eac24a2b4c9438196899e62ac2f3ae5f03ba039.zip chromium_src-3eac24a2b4c9438196899e62ac2f3ae5f03ba039.tar.gz chromium_src-3eac24a2b4c9438196899e62ac2f3ae5f03ba039.tar.bz2 | |
Added defense in depth mechanism to host resolver to prevent long hostnames from getting into glibc's getaddrinfo.
BUG=50383
TEST=HostResolverImplTest.LongHost
Review URL: http://codereview.chromium.org/3052044
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55319 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/host_resolver_impl_unittest.cc | 15 | ||||
| -rw-r--r-- | net/base/host_resolver_proc.cc | 7 |
2 files changed, 22 insertions, 0 deletions
diff --git a/net/base/host_resolver_impl_unittest.cc b/net/base/host_resolver_impl_unittest.cc index 6b33a56..be0e2cb 100644 --- a/net/base/host_resolver_impl_unittest.cc +++ b/net/base/host_resolver_impl_unittest.cc @@ -437,6 +437,21 @@ TEST_F(HostResolverImplTest, EmptyHost) { EXPECT_EQ(ERR_NAME_NOT_RESOLVED, err); } +TEST_F(HostResolverImplTest, LongHost) { + scoped_refptr<RuleBasedHostResolverProc> resolver_proc = + new RuleBasedHostResolverProc(NULL); + resolver_proc->AllowDirectLookup("*"); + + scoped_refptr<HostResolver> host_resolver( + CreateHostResolverImpl(resolver_proc)); + AddressList adrlist; + const int kPortnum = 5555; + std::string hostname(4097, 'a'); + HostResolver::RequestInfo info(hostname, kPortnum); + int err = host_resolver->Resolve(info, &adrlist, NULL, NULL, BoundNetLog()); + EXPECT_EQ(ERR_NAME_NOT_RESOLVED, err); +} + // Helper class used by HostResolverImplTest.DeDupeRequests. It receives request // completion notifications for all the resolves, so it can tally up and // determine when we are done. diff --git a/net/base/host_resolver_proc.cc b/net/base/host_resolver_proc.cc index 39d4fc4..9ae4020 100644 --- a/net/base/host_resolver_proc.cc +++ b/net/base/host_resolver_proc.cc @@ -83,6 +83,8 @@ int SystemHostResolverProc(const std::string& host, HostResolverFlags host_resolver_flags, AddressList* addrlist, int* os_error) { + static const size_t kMaxHostLength = 4096; + if (os_error) *os_error = 0; @@ -92,6 +94,11 @@ int SystemHostResolverProc(const std::string& host, if (host.empty()) return ERR_NAME_NOT_RESOLVED; + // Limit the size of hostnames that will be resolved to combat issues in some + // platform's resolvers. + if (host.size() > kMaxHostLength) + return ERR_NAME_NOT_RESOLVED; + struct addrinfo* ai = NULL; struct addrinfo hints = {0}; |