Only in m:\bind496rel/BSD: BIND
diff --recurs m:\bind496rel/BSD/README m:\bind497t1/BSD/README
5c5
< $Id: README,v 8.1 1994/12/15 06:23:43 vixie Exp vixie $
---
> $Id: README,v 8.2 1997/06/24 06:43:51 vixie Exp $
diff --recurs m:\bind496rel/CHANGES m:\bind497t1/CHANGES
1c1,13
< $Id: CHANGES,v 8.53 1997/06/01 20:34:25 vixie Exp vixie $
---
> $Id: CHANGES,v 8.56 1998/04/07 04:59:42 vixie Exp $
> 
> 	--- 4.9.7-T1A released ---
> 
> 808. [security]	A number of routines did insufficient bounds checking which
> 		could cause crashes by reading from an invalid memory
> 		location. (From BIND-8).
> 
> 807. [bug]	The server sometimes leaked the flushset (ns_resp.c).
> 		(From BIND-8).
> 
> 806. [bug]	add_related_additional() leaked memory if the name
> 		was already in the related array.  (From BIND-8).
Only in m:\bind496rel: CHANGES.orig
Only in m:\bind496rel: HANGES.ORIG
diff --recurs m:\bind496rel/INSTALL m:\bind497t1/INSTALL
1c1
< $Id: INSTALL,v 8.8 1997/06/01 20:34:25 vixie Exp vixie $
---
> $Id: INSTALL,v 8.9 1997/06/24 06:43:50 vixie Exp $
diff --recurs m:\bind496rel/Makefile m:\bind497t1/Makefile
4c4
< # $Id: Makefile,v 8.49 1997/06/01 20:34:25 vixie Exp vixie $
---
> # $Id: Makefile,v 8.52 1998/04/07 04:59:42 vixie Exp $
6,7c6,7
< ## Copyright (c) 1989
< ##    The Regents of the University of California.  All rights reserved.
---
> ## Copyright (c) 1989
> ##    The Regents of the University of California.  All rights reserved.
9,13c9,13
< ## Redistribution and use in source and binary forms, with or without
< ## modification, are permitted provided that the following conditions
< ## are met:
< ## 1. Redistributions of source code must retain the above copyright
< ##    notice, this list of conditions and the following disclaimer.
---
> ## Redistribution and use in source and binary forms, with or without
> ## modification, are permitted provided that the following conditions
> ## are met:
> ## 1. Redistributions of source code must retain the above copyright
> ##    notice, this list of conditions and the following disclaimer.
55c55
< VER = 4.9.6-REL
---
> VER = 4.9.7-T1B
diff --recurs m:\bind496rel/README m:\bind497t1/README
1,12c1,16
< The official version of BIND is now 8.1.1.  This is 4.9.6, the last of 4.*
< which we are releasing since it has some important security bugs fixed.
< 
< The official place to get BIND is <URL:ftp://ftp.isc.org/isc/bind/src>.
< 
< The official mailing lists are:		bind-users@vix.com	- users/admins
<   (use *-request@* for admin mail)	bind-workers@vix.com	- developers
< 
< The official Usenet newsgroups are:	comp.protocols.tcp-ip.domains
< 					comp.protocols.dns.bind
< 					comp.protocols.dns.ops
< 					comp.protocols.dns.std
---
> Internet Software Consortium
> BIND Release 4.9.7 README
> $Date: 1998/04/07 04:24:01 $
> 
> The official version of ISC BIND is now 8.1.1.  This is ISC BIND 4.9.7,
> hoped to be the last of 4.*, which we are releasing since it has an important
> security bug (plus some memory leaks) fixed.
> 
> The official place to get BIND is <URL:ftp://ftp.isc.org/isc/bind/src>.
> 
> The official mailing lists are:		<bind-users@vix.com>	- users/admins
>   (use *-request@* for admin mail)	<bind-workers@vix.com>	- developers
> 
> The official Usenet newsgroups are:	<URL:news:comp.protocols.dns.bind>
> 					<URL:news:comp.protocols.dns.ops>
> 					<URL:news:comp.protocols.dns.std>
14,15c18,21
< BIND is currently maintained by:	The Internet Software Consortium
< 					(see <URL:http://www.isc.org/isc>.)
---
> BIND is maintained by:			The Internet Software Consortium
> 					(see <URL:http://www.isc.org/>)
> 
> Bug reports should be sent to:		<bind-bugs@vix.com>
Only in m:\bind496rel: bind-4.9.6-REL.tar
Only in m:\bind496rel: bind-4.9.6-REL.tar.gz
Only in m:\bind497t1: bind-4.9.7-T1B.tar
Only in m:\bind496rel/compat/include/sys: DEFS.H.ORIG
Only in m:\bind496rel/compat/include/sys: cdefs.h.orig
Only in m:\bind496rel/compat/lib: ETTIMEOFDAY.C.ORIG
Only in m:\bind496rel/compat/lib: KTEMP.C.ORIG
Only in m:\bind496rel/compat/lib: Makefile.orig
Only in m:\bind496rel/compat/lib: RITEV.C.ORIG
Only in m:\bind496rel/compat/lib: TRCASECMP.C.ORIG
Only in m:\bind496rel/compat/lib: TRERROR.C.ORIG
Only in m:\bind496rel/compat/lib: TRPBRK.C.ORIG
Only in m:\bind496rel/compat/lib: TRTOUL.C.ORIG
Only in m:\bind496rel/compat/lib: TRUNCATE.C.ORIG
Only in m:\bind496rel/compat/lib: ftruncate.c.orig
Only in m:\bind496rel/compat/lib: gettimeofday.c.orig
Only in m:\bind496rel/compat/lib: mktemp.c.orig
Only in m:\bind496rel/compat/lib: strcasecmp.c.orig
Only in m:\bind496rel/compat/lib: strerror.c.orig
Only in m:\bind496rel/compat/lib: strpbrk.c.orig
Only in m:\bind496rel/compat/lib: strtoul.c.orig
Only in m:\bind496rel/compat/lib: writev.c.orig
Only in m:\bind496rel/conf: PTIONS.H.ORIG
Only in m:\bind496rel/conf: options.h.orig
diff --recurs m:\bind496rel/conf/portability.h m:\bind497t1/conf/portability.h
402a403
> #endif
Only in m:\bind496rel/conf: portability.h.orig
Only in m:\bind496rel/conf: portability.h.rej
Only in m:\bind496rel/contrib/arlib: arlib.3.orig
diff --recurs m:\bind496rel/doc/bog/file.psf m:\bind497t1/doc/bog/file.psf
3c3
< %%CreationDate: Mon Jun 23 22:15:07 1997
---
> %%CreationDate: Mon Apr  6 22:02:10 1998
Only in m:\bind496rel/include/arpa: inet.h.orig
Only in m:\bind496rel/include/arpa: inet.h.rej
Only in m:\bind496rel/include/arpa: nameser.h.orig
Only in m:\bind496rel/include/arpa: nameser.h.rej
diff --recurs m:\bind496rel/named/named-xfer.c m:\bind497t1/named/named-xfer.c
95,96c95,96
< static char rcsid[] = "$Id: named-xfer.c,v 8.23 1997/06/01 20:34:34 vixie Exp $";
< #endif /* not lint */
---
> static char rcsid[] = "$Id: named-xfer.c,v 8.24 1998/04/07 04:59:45 vixie Exp $";
> #endif /* not lint */
98,102c98,102
< #include <sys/types.h>
< #include <sys/param.h>
< #include <sys/file.h>
< #include <sys/stat.h>
< #include <sys/socket.h>
---
> #include <sys/types.h>
> #include <sys/param.h>
> #include <sys/file.h>
> #include <sys/stat.h>
> #include <sys/socket.h>
104c104
< #include <netinet/in.h>
---
> #include <netinet/in.h>
742a743,746
> 		if (tmp + 2 * INT16SZ > eom) {
> 			badsoa_msg = "query error";
> 			goto badsoa;
> 		}
780a785,788
> 			if (cp4 + dlen > eom) {
> 				badsoa_msg = "zinfo dlen too big";
> 				goto badsoa;
> 			}
1157a1166,1167
> 	u_int dlen;
> 	u_char *rdatap;
1165c1175,1176
< 	cp += INT16SZ;	/* dlen */
---
> 	GETSHORT(dlen, cp);
> 	rdatap = cp;
1182a1194,1195
> 	if (cp != rdatap + dlen)
> 		return ("bad soa dlen");
1185a1199,1206
> #define BOUNDS_CHECK(ptr, count) \
> 	do { \
> 		if ((ptr) + (count) > eom) { \
> 			hp->rcode = FORMERR; \
> 			return (-1); \
> 		} \
> 	} while (0)
> 
1205c1226
< 	u_char *cdata;
---
> 	u_char *cdata, *rdatap;
1218a1240
> 	BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ);
1222a1245,1246
> 	BOUNDS_CHECK(cp, dlen);
> 	rdatap = cp;
1297,1300c1321
< 			if ((eom - cp) < (5 * INT32SZ)) {
< 				hp->rcode = FORMERR;
< 				return (-1);
< 			}
---
> 			BOUNDS_CHECK(cp, 5 * INT32SZ);
1313a1335
> 		BOUNDS_CHECK(cp, INT16SZ*2);
1318a1341
> 		BOUNDS_CHECK(cp, 1);
1319a1343
> 		BOUNDS_CHECK(cp, n);
1325c1349,1351
< 		n = *cp++;
---
> 		BOUNDS_CHECK(cp, 1);
>  		n = *cp++;
> 		BOUNDS_CHECK(cp, n);
1331c1357,1359
< 		n = *cp++;
---
> 		BOUNDS_CHECK(cp, 1);
>  		n = *cp++;
> 		BOUNDS_CHECK(cp, n);
1354a1383
> 		BOUNDS_CHECK(cp, INT16SZ);
1359a1389
> 			BOUNDS_CHECK(cp, INT16SZ);
1380a1411
> 		BOUNDS_CHECK(cp, INT16SZ);
1410a1442
> 		BOUNDS_CHECK(cp, 18);
1426c1458,1459
< 		if (n > (sizeof data) - (cp1 - (u_char *)data))
---
> 		if (n > (int)((sizeof data) - (int)(cp1 - (u_char *)data))) {
> 			hp->rcode = FORMERR;
1427a1461
> 		}
1450a1485,1492
> 	if (cp != rdatap + dlen) {
> 		dprintf(1, (ddt,
> 		    "encoded rdata length is %u, but actual length was %u\n",
> 			dlen, (u_int)(cp - rdatap)));
> 		hp->rcode = FORMERR;
> 		return (-1);
> 	}
> 
diff --recurs m:\bind496rel/named/ns_ncache.c m:\bind497t1/named/ns_ncache.c
24,33c24,40
< void
< cache_n_resp(msg, msglen)
< 	u_char *msg;
< 	int msglen;
< {
< 	register struct databuf *dp;
< 	HEADER *hp;
< 	u_char *cp;
< 	char dname[MAXDNAME];
< 	int n;
---
> #define BOUNDS_CHECK(ptr, count) \
> 	do { \
> 		if ((ptr) + (count) > eom) { \
> 			return; \
> 		} \
> 	} while (0)
> 
> void
> cache_n_resp(msg, msglen)
> 	u_char *msg;
> 	int msglen;
> {
> 	register struct databuf *dp;
> 	HEADER *hp;
> 	u_char *cp, *eom, *rdatap;
> 	char dname[MAXDNAME];
> 	int n;
38a46
> 	u_int dlen;
43a52
> 	eom = msg + msglen;
45c54
< 	n = dn_expand(msg, msg + msglen, cp, dname, sizeof dname);
---
> 	n = dn_expand(msg, eom, cp, dname, sizeof dname);
51a61
> 	BOUNDS_CHECK(cp, 2 * INT16SZ);
79,80c89,90
< 		/* store ther SOA record */
< 		n = dn_skipname(tp, msg + msglen);
---
> 		/* store their SOA record */
> 		n = dn_skipname(tp, eom);
85a96
> 		BOUNDS_CHECK(tp, 3 * INT16SZ + INT32SZ);
94c105,107
< 		tp += INT16SZ;		/* dlen */
---
> 		GETSHORT(dlen, tp);	/* dlen */
> 		BOUNDS_CHECK(tp, dlen);
> 		rdatap = tp;
97c110
< 		n = dn_expand(msg, msg + msglen, tp, (char*)data, len);
---
> 		n = dn_expand(msg, eom, tp, (char*)data, len);
116c129,131
< 		bcopy(tp, cp1, n = 5 * INT32SZ);
---
> 		n = 5 * INT32SZ;
> 		BOUNDS_CHECK(tp, n);
> 		bcopy(tp, cp1, n);
119a135,139
> 		tp += n;
> 		if (tp != rdatap + dlen) {
> 			dprintf(3, (ddt, "ncache: form error 2\n"));
> 			return;
> 		}
diff --recurs m:\bind496rel/named/ns_req.c m:\bind497t1/named/ns_req.c
3,4c3,4
< static char rcsid[] = "$Id: ns_req.c,v 8.28 1997/06/01 20:34:34 vixie Exp $";
< #endif /* not lint */
---
> static char rcsid[] = "$Id: ns_req.c,v 8.29 1998/04/07 04:59:45 vixie Exp $";
> #endif /* not lint */
7c7
<  * ++Copyright++ 1986, 1988, 1990
---
>  * ++Copyright++ 1986, 1988, 1990
9,10c9,10
<  * Copyright (c) 1986, 1988, 1990
<  *    The Regents of the University of California.  All rights reserved.
---
>  * Copyright (c) 1986, 1988, 1990
>  *    The Regents of the University of California.  All rights reserved.
12c12
<  * Redistribution and use in source and binary forms, with or without
---
>  * Redistribution and use in source and binary forms, with or without
330a331,335
> 	if (*cpp + 2 * INT16SZ > eom) {
> 		dprintf(1, (ddt, "FORMERR notify too short"));
> 		hp->rcode = FORMERR;
> 		return (Finish);
> 	}
464,466c469
< 	GETSHORT(type, *cpp);
< 	GETSHORT(class, *cpp);
< 	if (*cpp > eom) {
---
> 	if (*cpp + 2 * INT16SZ > eom) {
470a474,475
> 	GETSHORT(type, *cpp);
> 	GETSHORT(class, *cpp);
992a998,1002
> 	if (*cpp + 3 * INT16SZ + INT32SZ > eom) {
> 		dprintf(1, (ddt, "FORMERR IQuery message too short"));
> 		hp->rcode = FORMERR;
> 		return (Finish);
> 	}
1010c1020
< 		if (!fake_iquery)
---
> 		if (!fake_iquery || dlen != INT32SZ)
1024c1034,1037
< 	bcopy(fname, anbuf, alen = (char *)*cpp - fname);
---
> 	alen = (char *)*cpp - fname;
> 	if ((size_t)alen > sizeof anbuf)
> 		return (Refuse);
> 	bcopy(fname, anbuf, alen);
1070a1084,1087
> 				if (*cpp + 2 * INT16SZ > dnbuf + *buflenp) {
> 					hp->tc = 1;
> 					return (Finish);
> 				}
1258a1276,1277
> 	if (buflen < 0)
> 		return (-1);
1271a1291,1292
> 	if (buflen < 0)
> 		return (-1);
1310a1332,1333
> 		if (buflen < 0)
> 			return (-1);
1329,1331d1351
<  		if ((buflen -= INT16SZ) < 0)
< 			return (-1);
< 
1332a1353,1355
> 		buflen -= INT16SZ;
> 		if (buflen < 0)
> 			return (-1);
1339a1363,1365
> 		buflen -= INT16SZ;
> 		if (buflen < 0)
> 			return (-1);
1347a1374,1376
> 		buflen -= n + 1;
> 		if (buflen < 0)
> 			return (-1);
1357a1387,1389
> 		buflen -= n + 1;
> 		if (buflen < 0)
> 			return (-1);
1366a1399,1401
> 		buflen -= n + 1;
> 		if (buflen < 0)
> 			return (-1);
1404a1440,1442
> 			buflen -= INT16SZ*2;
> 			if (buflen < 0)
> 				return (-1);
diff --recurs m:\bind496rel/named/ns_resp.c m:\bind497t1/named/ns_resp.c
3,4c3,4
< static char rcsid[] = "$Id: ns_resp.c,v 8.38 1997/06/01 20:34:34 vixie Exp vixie $";
< #endif /* not lint */
---
> static char rcsid[] = "$Id: ns_resp.c,v 8.41 1998/04/07 04:59:45 vixie Exp $";
> #endif /* not lint */
7c7
<  * ++Copyright++ 1986, 1988, 1990
---
>  * ++Copyright++ 1986, 1988, 1990
9,10c9,10
<  * Copyright (c) 1986, 1988, 1990
<  *    The Regents of the University of California.  All rights reserved.
---
>  * Copyright (c) 1986, 1988, 1990
>  *    The Regents of the University of California.  All rights reserved.
12c12
<  * Redistribution and use in source and binary forms, with or without
---
>  * Redistribution and use in source and binary forms, with or without
135c135,136
< 			flushrrset __P((struct flush_set *));
---
> 			flushrrset __P((struct flush_set *)),
> 			free_flushset __P((struct flush_set *));
242c243
< 	struct flush_set *flushset;
---
> 	struct flush_set *flushset = NULL;
267,268d267
< 	free_related_additional();
< 
304a304,307
> 		if (cp + 2 * INT16SZ > eom) {
> 			formerrmsg = outofDataQuery;
> 			goto formerr;
> 		}
584,585c587
< 		GETSHORT(type, tp);
< 		if (tp >= eom) {
---
> 		if (tp + 2 * INT16SZ > eom) {
588a591
> 		GETSHORT(type, tp);
590,593d592
< 		if (tp >= eom) {
< 			formerrmsg = outofDataAuth;
< 			goto formerr;
< 		}
647a647
> 			u_char *rdatap;
654a655,658
> 			if (tp + 3 * INT16SZ + INT32SZ > eom) {
> 				formerrmsg = outofDataAnswer;
> 				goto formerr;
> 			}
659,662c663
< 			if (tp >= eom) {
< 				formerrmsg = outofDataAnswer;
< 				goto formerr;
< 			}
---
> 			rdatap = tp;		/* start of rdata */
678,681d678
< 			if ((u_int)dlen < (5 * INT32SZ)) {
< 				formerrmsg = dlenUnderrunAnswer;
< 				goto formerr;
< 			}
692a690,693
> 			if (tp + 5 * INT32SZ > eom) {
> 				formerrmsg = dlenUnderrunAnswer;
> 				goto formerr;
> 			}
693a695,699
> 			tp += 4 * INT32SZ;	/* Skip rest of SOA. */
> 			if ((u_int)(tp - rdatap) != dlen) {
> 				formerrmsg = dlenOverrunAnswer;
> 				goto formerr;
> 			}
788a795,797
> 			free_related_additional();
> 			if (flushset != NULL)
> 				free_flushset(flushset);
793a803
> 			free_related_additional();
794a805,806
> 			if (flushset != NULL)
> 				free_flushset(flushset);
923a936
> 	free_related_additional();
927,930c940
< 		for (i = 0; i < count; i++)
< 			if (flushset[i].fs_name)
< 				free(flushset[i].fs_name);
< 		free((char*)flushset);
---
> 		free_flushset(flushset);
1367a1378,1385
> #define BOUNDS_CHECK(ptr, count) \
> 	do { \
> 		if ((ptr) + (count) > eom) { \
> 			hp->rcode = FORMERR; \
> 			return (-1); \
> 		} \
> 	} while (0)
> 
1378c1396
< 	register u_char *cp;
---
> 	register u_char *cp, *eom, *rdatap;
1392c1410,1411
< 	if ((n = dn_expand(msg, msg + msglen, cp, dname, namelen)) < 0) {
---
> 	eom = msg + msglen;
> 	if ((n = dn_expand(msg, eom, cp, dname, namelen)) < 0) {
1396a1416
> 	BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
1400a1421,1422
> 	BOUNDS_CHECK(cp, dlen);
> 	rdatap = cp;
1459,1460c1481
< 		n = dn_expand(msg, msg + msglen, cp,
< 			      (char *)data, sizeof data);
---
> 		n = dn_expand(msg, eom, cp, (char *)data, sizeof data);
1486,1487c1507
< 		n = dn_expand(msg, msg + msglen, cp,
< 			      (char *)data, sizeof data);
---
> 		n = dn_expand(msg, eom, cp, (char *)data, sizeof data);
1497a1518,1521
> 		/*
> 		 * The next use of 'cp' is dn_expand(), so we don't have
> 		 * to BOUNDS_CHECK() here.
> 		 */
1502c1526
< 		n = dn_expand(msg, msg + msglen, cp, (char *)cp1, n1);
---
> 		n = dn_expand(msg, eom, cp, (char *)cp1, n1);
1519c1543,1545
< 			bcopy(cp, cp1, n = 5 * INT32SZ);
---
> 			n = 5 * INT32SZ;
> 			BOUNDS_CHECK(cp, n);
> 			bcopy(cp, cp1, n);
1528a1555
> 		BOUNDS_CHECK(cp, INT16SZ*2);
1533a1561
> 		BOUNDS_CHECK(cp, 1);
1534a1563
> 		BOUNDS_CHECK(cp, n);
1539a1569
> 		BOUNDS_CHECK(cp, 1);
1540a1571
> 		BOUNDS_CHECK(cp, n);
1545a1577
> 		BOUNDS_CHECK(cp, 1);
1546a1579
> 		BOUNDS_CHECK(cp, n);
1552c1585
< 		n = dn_expand(msg, msg + msglen, cp, (char *)cp1,
---
> 		n = dn_expand(msg, eom, cp, (char *)cp1,
1576a1610
> 		BOUNDS_CHECK(cp, INT16SZ);
1582a1617
> 			BOUNDS_CHECK(cp, INT16SZ*2);
1589c1624
< 		n = dn_expand(msg, msg + msglen, cp, (char *)cp1,
---
> 		n = dn_expand(msg, eom, cp, (char *)cp1,
1613a1649
> 		BOUNDS_CHECK(cp, INT16SZ);
1619,1620c1655,1656
< 		n = dn_expand(msg, msg + msglen, cp, (char *)cp1,
< 				sizeof data - INT16SZ);
---
> 		n = dn_expand(msg, eom, cp, (char *)cp1,
> 			      sizeof data - INT16SZ);
1630a1667,1670
> 		/*
> 		 * The next use of 'cp' is dn_expand(), so we don't have
> 		 * to BOUNDS_CHECK() here.
> 		 */
1633c1673
< 		n = dn_expand(msg, msg + msglen, cp, (char *)cp1, n1);
---
> 		n = dn_expand(msg, eom, cp, (char *)cp1, n1);
1655a1696
> 		BOUNDS_CHECK(cp, INT16SZ + 1 + 1 + 3*INT32SZ);
1699a1741
> 		BOUNDS_CHECK(cp, 18);
1705,1707c1747,1749
< 		n = dn_expand(msg, msg + msglen, cp,
< 			      (char *)cp1, (sizeof data) - 18);
< 		if (n < 0)
---
> 		n = dn_expand(msg, eom, cp, (char *)cp1, (sizeof data) - 18);
> 		if (n < 0) {
> 			hp->rcode = FORMERR;
1708a1751
> 		}
1713a1757,1760
> 		if (18 + (u_int)n > dlen) {
> 			hp->rcode = FORMERR;
> 			return (-1);
> 		}
1715c1762,1763
< 		if (n > (sizeof data) - (cp1 - (u_char *)data))
---
> 		if (n > ((int)(sizeof data) - (int)(cp1 - (u_char *)data))) {
> 			hp->rcode = FORMERR;
1716a1765
> 		}
1730a1780,1791
> 
> 	if (cp > eom) {
> 		hp->rcode = FORMERR;
> 		return (-1);
> 	}
> 	if ((u_int)(cp - rdatap) != dlen) {
> 		dprintf(3, (ddt,
> 		      "encoded rdata length is %u, but actual length was %u",
> 			    dlen, (u_int)(cp - rdatap)));
> 		hp->rcode = FORMERR;
> 		return (-1);
> 	}
3065a3127,3137
> static void
> free_flushset(flushset)
> 	struct flush_set *flushset;
> {
> 	struct flush_set *fs;
> 
> 	for (fs = flushset; fs->fs_name != NULL; fs++)
> 		free(fs->fs_name);
> 	free((char *)flushset);
> }
> 
3128c3200,3201
< 		if (strcasecmp(name, related[i]) == 0)
---
> 		if (strcasecmp(name, related[i]) == 0) {
> 			free(name);
3129a3203
> 		}
diff --recurs m:\bind496rel/res/gethnamaddr.c m:\bind497t1/res/gethnamaddr.c
58,59c58,59
< static char rcsid[] = "$Id: gethnamaddr.c,v 8.21 1997/06/01 20:34:37 vixie Exp $";
< #endif /* LIBC_SCCS and not lint */
---
> static char rcsid[] = "$Id: gethnamaddr.c,v 8.23 1998/04/07 04:59:46 vixie Exp $";
> #endif /* LIBC_SCCS and not lint */
61,66c61,66
< #include <sys/types.h>
< #include <sys/param.h>
< #include <sys/socket.h>
< #include <netinet/in.h>
< #include <arpa/inet.h>
< #include <arpa/nameser.h>
---
> #include <sys/types.h>
> #include <sys/param.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <arpa/nameser.h>
154a155,171
> #define BOUNDED_INCR(x) \
> 	do { \
> 		cp += x; \
> 		if (cp > eom) { \
> 			h_errno = NO_RECOVERY; \
> 			return (NULL); \
> 		} \
> 	} while (0)
> 
> #define BOUNDS_CHECK(ptr, count) \
> 	do { \
> 		if ((ptr) + (count) > eom) { \
> 			h_errno = NO_RECOVERY; \
> 			return (NULL); \
> 		} \
> 	} while (0)
> 
165c182
< 	const u_char *eom;
---
> 	const u_char *eom, *erdata;
196c213,214
< 	cp = answer->buf + HFIXEDSZ;
---
> 	cp = answer->buf;
> 	BOUNDED_INCR(HFIXEDSZ);
206c224
< 	cp += n + QFIXEDSZ;
---
> 	BOUNDED_INCR(n + QFIXEDSZ);
237a256
> 		BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ);
243a263,264
> 		BOUNDS_CHECK(cp, n);
> 		erdata = cp + n;
257a279,282
> 			if (cp != erdata) {
> 				h_errno = NO_RECOVERY;
> 				return (NULL);
> 			}
285a311,314
> 			if (cp != erdata) {
> 				h_errno = NO_RECOVERY;
> 				return (NULL);
> 			}
320a350,353
> 			if (cp != erdata) {
> 				h_errno = NO_RECOVERY;
> 				return (NULL);
> 			}
390a424,427
> 			if (cp != erdata) {
> 				h_errno = NO_RECOVERY;
> 				return (NULL);
> 			}
diff --recurs m:\bind496rel/res/res_comp.c m:\bind497t1/res/res_comp.c
58,59c58,59
< static char rcsid[] = "$Id: res_comp.c,v 8.12 1997/06/01 20:34:37 vixie Exp $";
< #endif /* LIBC_SCCS and not lint */
---
> static char rcsid[] = "$Id: res_comp.c,v 8.13 1998/04/07 04:24:06 vixie Exp $";
> #endif /* LIBC_SCCS and not lint */
61,64c61,64
< #include <sys/types.h>
< #include <sys/param.h>
< #include <netinet/in.h>
< #include <arpa/nameser.h>
---
> #include <sys/types.h>
> #include <sys/param.h>
> #include <netinet/in.h>
> #include <arpa/nameser.h>
66,67d65
< #include <stdio.h>
< #include <resolv.h>
68a67,69
> #include <errno.h>
> #include <resolv.h>
> #include <stdio.h>
77,78c78,88
< static int	dn_find __P((u_char *exp_dn, u_char *msg,
< 			     u_char **dnptrs, u_char **lastdnptr));
---
> static int	ns_name_ntop __P((const u_char *, char *, size_t));
> static int	ns_name_pton __P((const char *, u_char *, size_t));
> static int	ns_name_unpack __P((const u_char *, const u_char *,
> 				    const u_char *, u_char *, size_t));
> static int	ns_name_pack __P((const u_char *, u_char *, int,
> 				  const u_char **, const u_char **));
> static int	ns_name_uncompress __P((const u_char *, const u_char *,
> 					const u_char *, char *, size_t));
> static int	ns_name_compress __P((const char *, u_char *, size_t,
> 				      const u_char **, const u_char **));
> static int	ns_name_skip __P((const u_char **, const u_char *));
88,148c98,101
< dn_expand(msg, eomorig, comp_dn, exp_dn, length)
< 	const u_char *msg, *eomorig, *comp_dn;
< 	char *exp_dn;
< 	int length;
< {
< 	register const u_char *cp;
< 	register char *dn;
< 	register int n, c;
< 	char *eom;
< 	int len = -1, checked = 0, octets = 0;
< 
< 	dn = exp_dn;
< 	cp = comp_dn;
< 	eom = exp_dn + length;
< 	/*
< 	 * fetch next label in domain name
< 	 */
< 	while (n = *cp++) {
< 		/*
< 		 * Check for indirection
< 		 */
< 		switch (n & INDIR_MASK) {
< 		case 0:
< 			octets += (n + 1);
< 			if (octets > MAXCDNAME)
< 				return (-1);
< 			if (dn != exp_dn) {
< 				if (dn >= eom)
< 					return (-1);
< 				*dn++ = '.';
< 			}
< 			if (dn+n >= eom)
< 				return (-1);
< 			checked += n + 1;
< 			while (--n >= 0) {
< 				if (((c = *cp++) == '.') || (c == '\\')) {
< 					if (dn + n + 2 >= eom)
< 						return (-1);
< 					*dn++ = '\\';
< 				}
< 				*dn++ = c;
< 				if (cp >= eomorig)	/* out of range */
< 					return (-1);
< 			}
< 			break;
< 
< 		case INDIR_MASK:
< 			if (len < 0)
< 				len = cp - comp_dn + 1;
< 			cp = msg + (((n & 0x3f) << 8) | (*cp & 0xff));
< 			if (cp < msg || cp >= eomorig)	/* out of range */
< 				return (-1);
< 			checked += 2;
< 			/*
< 			 * Check for loops in the compressed name;
< 			 * if we've looked at the whole message,
< 			 * there must be a loop.
< 			 */
< 			if (checked >= eomorig - msg)
< 				return (-1);
< 			break;
---
> dn_expand(const u_char *msg, const u_char *eom, const u_char *src,
> 	  char *dst, int dstsiz)
> {
> 	int n = ns_name_uncompress(msg, eom, src, dst, (size_t)dstsiz);
150,157c103,105
< 		default:
< 			return (-1);			/* flag error */
< 		}
< 	}
< 	*dn = '\0';
< 	if (len < 0)
< 		len = cp - comp_dn;
< 	return (len);
---
> 	if (n > 0 && dst[0] == '.')
> 		dst[0] = '\0';
> 	return (n);
161c109
<  * Compress domain name 'exp_dn' into 'comp_dn'.
---
>  * Pack domain name 'exp_dn' in presentation form into 'comp_dn'.
164,170d111
<  * 'dnptrs' is a list of pointers to previous compressed names. dnptrs[0]
<  * is a pointer to the beginning of the message. The list ends with NULL.
<  * 'lastdnptr' is a pointer to the end of the arrary pointed to
<  * by 'dnptrs'. Side effect is to update the list of pointers for
<  * labels inserted into the message as we compress the name.
<  * If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr'
<  * is NULL, we don't update the list.
173,248c114,119
< dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr)
< 	const char *exp_dn;
< 	u_char *comp_dn, **dnptrs, **lastdnptr;
< 	int length;
< {
< 	register u_char *cp, *dn;
< 	register int c, l;
< 	u_char **cpp, **lpp, *sp, *eob;
< 	u_char *msg;
< 
< 	dn = (u_char *)exp_dn;
< 	cp = comp_dn;
< 	if (length > MAXCDNAME)
< 		length = MAXCDNAME;
< 	eob = cp + length;
< 	lpp = cpp = NULL;
< 	if (dnptrs != NULL) {
< 		if ((msg = *dnptrs++) != NULL) {
< 			for (cpp = dnptrs; *cpp != NULL; cpp++)
< 				;
< 			lpp = cpp;	/* end of list to search */
< 		}
< 	} else
< 		msg = NULL;
< 	for (c = *dn++; c != '\0'; ) {
< 		/* look to see if we can use pointers */
< 		if (msg != NULL) {
< 			if ((l = dn_find(dn-1, msg, dnptrs, lpp)) >= 0) {
< 				if (cp+1 >= eob)
< 					return (-1);
< 				*cp++ = (l >> 8) | INDIR_MASK;
< 				*cp++ = l % 256;
< 				return (cp - comp_dn);
< 			}
< 			/* not found, save it */
< 			if (lastdnptr != NULL && cpp < lastdnptr-1) {
< 				*cpp++ = cp;
< 				*cpp = NULL;
< 			}
< 		}
< 		sp = cp++;	/* save ptr to length byte */
< 		do {
< 			if (c == '.') {
< 				c = *dn++;
< 				break;
< 			}
< 			if (c == '\\') {
< 				if ((c = *dn++) == '\0')
< 					break;
< 			}
< 			if (cp >= eob) {
< 				if (msg != NULL)
< 					*lpp = NULL;
< 				return (-1);
< 			}
< 			*cp++ = c;
< 		} while ((c = *dn++) != '\0');
< 		/* catch trailing '.'s but not '..' */
< 		if ((l = cp - sp - 1) == 0 && c == '\0') {
< 			cp--;
< 			break;
< 		}
< 		if (l <= 0 || l > MAXLABEL) {
< 			if (msg != NULL)
< 				*lpp = NULL;
< 			return (-1);
< 		}
< 		*sp = l;
< 	}
< 	if (cp >= eob) {
< 		if (msg != NULL)
< 			*lpp = NULL;
< 		return (-1);
< 	}
< 	*cp++ = '\0';
< 	return (cp - comp_dn);
---
> dn_comp(const char *src, u_char *dst, int dstsiz,
> 	u_char **dnptrs, u_char **lastdnptr)
> {
> 	return (ns_name_compress(src, dst, (size_t)dstsiz,
> 				 (const u_char **)dnptrs,
> 				 (const u_char **)lastdnptr));
255,259c126,127
< __dn_skipname(comp_dn, eom)
< 	const u_char *comp_dn, *eom;
< {
< 	register const u_char *cp;
< 	register int n;
---
> __dn_skipname(const u_char *ptr, const u_char *eom) {
> 	const u_char *saveptr = ptr;
261,278c129
< 	cp = comp_dn;
< 	while (cp < eom && (n = *cp++)) {
< 		/*
< 		 * check for indirection
< 		 */
< 		switch (n & INDIR_MASK) {
< 		case 0:			/* normal case, n == len */
< 			cp += n;
< 			continue;
< 		case INDIR_MASK:	/* indirection */
< 			cp++;
< 			break;
< 		default:		/* illegal type */
< 			return (-1);
< 		}
< 		break;
< 	}
< 	if (cp > eom)
---
> 	if (ns_name_skip(&ptr, eom) == -1)
280,342c131
< 	return (cp - comp_dn);
< }
< 
< static int
< mklower(ch)
< 	register int ch;
< {
< 	if (isascii(ch) && isupper(ch))
< 		return (tolower(ch));
< 	return (ch);
< }
< 
< /*
<  * Search for expanded name from a list of previously compressed names.
<  * Return the offset from msg if found or -1.
<  * dnptrs is the pointer to the first name on the list,
<  * not the pointer to the start of the message.
<  */
< static int
< dn_find(exp_dn, msg, dnptrs, lastdnptr)
< 	u_char *exp_dn, *msg;
< 	u_char **dnptrs, **lastdnptr;
< {
< 	register u_char *dn, *cp, **cpp;
< 	register int n;
< 	u_char *sp;
< 
< 	for (cpp = dnptrs; cpp < lastdnptr; cpp++) {
< 		dn = exp_dn;
< 		sp = cp = *cpp;
< 		while (n = *cp++) {
< 			/*
< 			 * check for indirection
< 			 */
< 			switch (n & INDIR_MASK) {
< 			case 0:		/* normal case, n == len */
< 				while (--n >= 0) {
< 					if (*dn == '.')
< 						goto next;
< 					if (*dn == '\\')
< 						dn++;
< 					if (mklower(*dn++) != mklower(*cp++))
< 						goto next;
< 				}
< 				if ((n = *dn++) == '\0' && *cp == '\0')
< 					return (sp - msg);
< 				if (n == '.')
< 					continue;
< 				goto next;
< 
< 			case INDIR_MASK:	/* indirection */
< 				cp = msg + (((n & 0x3f) << 8) | *cp);
< 				break;
< 
< 			default:	/* illegal type */
< 				return (-1);
< 			}
< 		}
< 		if (*dn == '\0')
< 			return (sp - msg);
< 	next:	;
< 	}
< 	return (-1);
---
> 	return (ptr - saveptr);
511a301,937
> 
> /* ++ From BIND 8.1.1. ++ */
> /*
>  * Copyright (c) 1996 by Internet Software Consortium.
>  *
>  * Permission to use, copy, modify, and distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
>  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
>  * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
>  * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
>  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
>  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
>  * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
>  * SOFTWARE.
>  */
> 
> /*"Id: ns_name.c,v 1.1 1997/12/13 02:41:13 vixie Exp vixie"*/
> 
> /*#include "port_before.h"*/
> 
> /*#include <sys/types.h>*/
> 
> /*#include <netinet/in.h>*/
> /*#include <arpa/nameser.h>*/
> 
> /*#include <errno.h>*/
> /*#include <resolv.h>*/
> /*#include <string.h>*/
> 
> /*#include "port_after.h"*/
> 
> #define NS_CMPRSFLGS	0xc0	/* Flag bits indicating name compression. */
> #define NS_MAXCDNAME	255	/* maximum compressed domain name */
> 
> /* Data. */
> 
> static char		digits[] = "0123456789";
> 
> /* Forward. */
> 
> static int		special(int);
> static int		printable(int);
> static int		dn_find(const u_char *, const u_char *,
> 				const u_char * const *,
> 				const u_char * const *);
> 
> /* Public. */
> 
> /*
>  * ns_name_ntop(src, dst, dstsiz)
>  *	Convert an encoded domain name to printable ascii as per RFC1035.
>  * return:
>  *	Number of bytes written to buffer, or -1 (with errno set)
>  * notes:
>  *	The root is returned as "."
>  *	All other domains are returned in non absolute form
>  */
> static int
> ns_name_ntop(src, dst, dstsiz)
> 	const u_char *src;
> 	char *dst;
> 	size_t dstsiz;
> {
> 	const u_char *cp;
> 	char *dn, *eom;
> 	u_char c;
> 	u_int n;
> 
> 	cp = src;
> 	dn = dst;
> 	eom = dst + dstsiz;
> 
> 	while ((n = *cp++) != 0) {
> 		if ((n & NS_CMPRSFLGS) != 0) {
> 			/* Some kind of compression pointer. */
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		if (dn != dst) {
> 			if (dn >= eom) {
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			*dn++ = '.';
> 		}
> 		if (dn + n >= eom) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		for ((void)NULL; n > 0; n--) {
> 			c = *cp++;
> 			if (special(c)) {
> 				if (dn + 1 >= eom) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				*dn++ = '\\';
> 				*dn++ = (char)c;
> 			} else if (!printable(c)) {
> 				if (dn + 3 >= eom) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				*dn++ = '\\';
> 				*dn++ = digits[c / 100];
> 				*dn++ = digits[(c % 100) / 10];
> 				*dn++ = digits[c % 10];
> 			} else {
> 				if (dn >= eom) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				*dn++ = (char)c;
> 			}
> 		}
> 	}
> 	if (dn == dst) {
> 		if (dn >= eom) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		*dn++ = '.';
> 	}
> 	if (dn >= eom) {
> 		errno = EMSGSIZE;
> 		return (-1);
> 	}
> 	*dn++ = '\0';
> 	return (dn - dst);
> }
> 
> /*
>  * ns_name_pton(src, dst, dstsiz)
>  *	Convert a ascii string into an encoded domain name as per RFC1035.
>  * return:
>  *	-1 if it fails
>  *	1 if string was fully qualified
>  *	0 is string was not fully qualified
>  * notes:
>  *	Enforces label and domain length limits.
>  */
> 
> static int
> ns_name_pton(src, dst, dstsiz)
> 	const char *src;
> 	u_char *dst;
> 	size_t dstsiz;
> {
> 	u_char *label, *bp, *eom;
> 	int c, n, escaped;
> 	char *cp;
> 
> 	escaped = 0;
> 	bp = dst;
> 	eom = dst + dstsiz;
> 	label = bp++;
> 
> 	while ((c = *src++) != 0) {
> 		if (escaped) {
> 			if ((cp = strchr(digits, c)) != NULL) {
> 				n = (cp - digits) * 100;
> 				if ((c = *src++) == 0 ||
> 				    (cp = strchr(digits, c)) == NULL) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				n += (cp - digits) * 10;
> 				if ((c = *src++) == 0 ||
> 				    (cp = strchr(digits, c)) == NULL) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				n += (cp - digits);
> 				if (n > 255) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				c = n;
> 			}
> 			escaped = 0;
> 		} else if (c == '\\') {
> 			escaped = 1;
> 			continue;
> 		} else if (c == '.') {
> 			c = (bp - label - 1);
> 			if ((c & NS_CMPRSFLGS) != 0) {	/* Label too big. */
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			if (label >= eom) {
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			*label = c;
> 			/* Fully qualified ? */
> 			if (*src == '\0') {
> 				if (c != 0) {
> 					if (bp >= eom) {
> 						errno = EMSGSIZE;
> 						return (-1);
> 					}
> 					*bp++ = '\0';
> 				}
> 				if ((bp - dst) > MAXCDNAME) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				return (1);
> 			}
> 			if (c == 0) {
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			label = bp++;
> 			continue;
> 		}
> 		if (bp >= eom) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		*bp++ = (u_char)c;
> 	}
> 	c = (bp - label - 1);
> 	if ((c & NS_CMPRSFLGS) != 0) {		/* Label too big. */
> 		errno = EMSGSIZE;
> 		return (-1);
> 	}
> 	if (label >= eom) {
> 		errno = EMSGSIZE;
> 		return (-1);
> 	}
> 	*label = c;
> 	if (c != 0) {
> 		if (bp >= eom) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		*bp++ = 0;
> 	}
> 	if ((bp - dst) > MAXCDNAME) {	/* src too big */
> 		errno = EMSGSIZE;
> 		return (-1);
> 	}
> 	return (0);
> }
> 
> /*
>  * ns_name_unpack(msg, eom, src, dst, dstsiz)
>  *	Unpack a domain name from a message, source may be compressed.
>  * return:
>  *	-1 if it fails, or consumed octets if it succeeds.
>  */
> static int
> ns_name_unpack(msg, eom, src, dst, dstsiz)
> 	const u_char *msg;
> 	const u_char *eom;
> 	const u_char *src;
> 	u_char *dst;
> 	size_t dstsiz;
> {
> 	const u_char *srcp, *dstlim;
> 	u_char *dstp;
> 	int n, c, len, checked;
> 
> 	len = -1;
> 	checked = 0;
> 	dstp = dst;
> 	srcp = src;
> 	dstlim = dst + dstsiz;
> 	if (srcp < msg || srcp >= eom) {
> 		errno = EMSGSIZE;
> 		return (-1);
> 	}
> 	/* Fetch next label in domain name. */
> 	while ((n = *srcp++) != 0) {
> 		/* Check for indirection. */
> 		switch (n & NS_CMPRSFLGS) {
> 		case 0:
> 			/* Limit checks. */
> 			if (dstp + n + 1 >= dstlim || srcp + n >= eom) {
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			checked += n + 1;
> 			*dstp++ = n;
> 			memcpy(dstp, srcp, n);
> 			dstp += n;
> 			srcp += n;
> 			break;
> 
> 		case NS_CMPRSFLGS:
> 			if (srcp >= eom) {
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			if (len < 0)
> 				len = srcp - src + 1;
> 			srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff));
> 			if (srcp < msg || srcp >= eom) {  /* Out of range. */
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			checked += 2;
> 			/*
> 			 * Check for loops in the compressed name;
> 			 * if we've looked at the whole message,
> 			 * there must be a loop.
> 			 */
> 			if (checked >= eom - msg) {
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 			break;
> 
> 		default:
> 			errno = EMSGSIZE;
> 			return (-1);			/* flag error */
> 		}
> 	}
> 	*dstp = '\0';
> 	if (len < 0)
> 		len = srcp - src;
> 	return (len);
> }
> 
> /*
>  * ns_name_pack(src, dst, dstsiz, dnptrs, lastdnptr)
>  *	Pack domain name 'domain' into 'comp_dn'.
>  * return:
>  *	Size of the compressed name, or -1.
>  * notes:
>  *	'dnptrs' is an array of pointers to previous compressed names.
>  *	dnptrs[0] is a pointer to the beginning of the message. The array
>  *	ends with NULL.
>  *	'lastdnptr' is a pointer to the end of the array pointed to
>  *	by 'dnptrs'.
>  * Side effects:
>  *	The list of pointers in dnptrs is updated for labels inserted into
>  *	the message as we compress the name.  If 'dnptr' is NULL, we don't
>  *	try to compress names. If 'lastdnptr' is NULL, we don't update the
>  *	list.
>  */
> static int
> ns_name_pack(src, dst, dstsiz, dnptrs, lastdnptr)
> 	const u_char *src;
> 	u_char *dst;
> 	int dstsiz;
> 	const u_char **dnptrs;
> 	const u_char **lastdnptr;
> {
> 	u_char *dstp;
> 	const u_char **cpp, **lpp, *eob, *msg;
> 	const u_char *srcp;
> 	int n, l;
> 
> 	srcp = src;
> 	dstp = dst;
> 	eob = dstp + dstsiz;
> 	lpp = cpp = NULL;
> 	if (dnptrs != NULL) {
> 		if ((msg = *dnptrs++) != NULL) {
> 			for (cpp = dnptrs; *cpp != NULL; cpp++)
> 				(void)NULL;
> 			lpp = cpp;	/* end of list to search */
> 		}
> 	} else
> 		msg = NULL;
> 
> 	/* make sure the domain we are about to add is legal */
> 	l = 0;
> 	do {
> 		n = *srcp;
> 		if ((n & NS_CMPRSFLGS) != 0) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		l += n + 1;
> 		if (l > MAXCDNAME) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		srcp += n + 1;
> 	} while (n != 0);
> 
> 	srcp = src;
> 	do {
> 		/* Look to see if we can use pointers. */
> 		n = *srcp;
> 		if (n != 0 && msg != NULL) {
> 			l = dn_find(srcp, msg, (const u_char * const *)dnptrs,
> 				    (const u_char * const *)lpp);
> 			if (l >= 0) {
> 				if (dstp + 1 >= eob) {
> 					errno = EMSGSIZE;
> 					return (-1);
> 				}
> 				*dstp++ = (l >> 8) | NS_CMPRSFLGS;
> 				*dstp++ = l % 256;
> 				return (dstp - dst);
> 			}
> 			/* Not found, save it. */
> 			if (lastdnptr != NULL && cpp < lastdnptr - 1 &&
> 			    (dstp - msg) < 0x4000) {
> 				*cpp++ = dstp;
> 				*cpp = NULL;
> 			}
> 		}
> 		/* copy label to buffer */
> 		if (n & NS_CMPRSFLGS) {		/* Should not happen. */
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		if (dstp + 1 + n >= eob) {
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		memcpy(dstp, srcp, n + 1);
> 		srcp += n + 1;
> 		dstp += n + 1;
> 	} while (n != 0);
> 
> 	if (dstp > eob) {
> 		if (msg != NULL)
> 			*lpp = NULL;
> 		errno = EMSGSIZE;
> 		return (-1);
> 	} 
> 	return (dstp - dst);
> }
> 
> /*
>  * ns_name_uncompress(msg, eom, src, dst, dstsiz)
>  *	Expand compressed domain name to presentation format.
>  * return:
>  *	Number of bytes read out of `src', or -1 (with errno set).
>  * note:
>  *	Root domain returns as "." not "".
>  */
> static int
> ns_name_uncompress(msg, eom, src, dst, dstsiz)
> 	const u_char *msg;
> 	const u_char *eom;
> 	const u_char *src;
> 	char *dst;
> 	size_t dstsiz;
> {
> 	u_char tmp[NS_MAXCDNAME];
> 	int n;
> 	
> 	if ((n = ns_name_unpack(msg, eom, src, tmp, sizeof tmp)) == -1)
> 		return (-1);
> 	if (ns_name_ntop(tmp, dst, dstsiz) == -1)
> 		return (-1);
> 	return (n);
> }
> 
> /*
>  * ns_name_compress(src, dst, dstsiz, dnptrs, lastdnptr)
>  *	Compress a domain name into wire format, using compression pointers.
>  * return:
>  *	Number of bytes consumed in `dst' or -1 (with errno set).
>  * notes:
>  *	'dnptrs' is an array of pointers to previous compressed names.
>  *	dnptrs[0] is a pointer to the beginning of the message.
>  *	The list ends with NULL.  'lastdnptr' is a pointer to the end of the
>  *	array pointed to by 'dnptrs'. Side effect is to update the list of
>  *	pointers for labels inserted into the message as we compress the name.
>  *	If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr'
>  *	is NULL, we don't update the list.
>  */
> static int
> ns_name_compress(src, dst, dstsiz, dnptrs, lastdnptr)
> 	const char *src;
> 	u_char *dst;
> 	size_t dstsiz;
> 	const u_char **dnptrs;
> 	const u_char **lastdnptr;
> {
> 	u_char tmp[NS_MAXCDNAME];
> 
> 	if (ns_name_pton(src, tmp, sizeof tmp) == -1)
> 		return (-1);
> 	return (ns_name_pack(tmp, dst, dstsiz, dnptrs, lastdnptr));
> }
> 
> /*
>  * ns_name_skip(ptrptr, eom)
>  *	Advance *ptrptr to skip over the compressed name it points at.
>  * return:
>  *	0 on success, -1 (with errno set) on failure.
>  */
> static int
> ns_name_skip(ptrptr, eom)
> 	const u_char **ptrptr;
> 	const u_char *eom;
> {
> 	const u_char *cp;
> 	u_int n;
> 
> 	cp = *ptrptr;
> 	while (cp < eom && (n = *cp++) != 0) {
> 		/* Check for indirection. */
> 		switch (n & NS_CMPRSFLGS) {
> 		case 0:			/* normal case, n == len */
> 			cp += n;
> 			continue;
> 		case NS_CMPRSFLGS:	/* indirection */
> 			cp++;
> 			break;
> 		default:		/* illegal type */
> 			errno = EMSGSIZE;
> 			return (-1);
> 		}
> 		break;
> 	}
> 	if (cp > eom) {
> 		errno = EMSGSIZE;
> 		return (-1);
> 	}
> 	*ptrptr = cp;
> 	return (0);
> }
> 
> /* Private. */
> 
> /*
>  * special(ch)
>  *	Thinking in noninternationalized USASCII (per the DNS spec),
>  *	is this characted special ("in need of quoting") ?
>  * return:
>  *	boolean.
>  */
> static int
> special(ch)
> 	int ch;
> {
> 	switch (ch) {
> 	case 0x22: /* '"' */
> 	case 0x2E: /* '.' */
> 	case 0x3B: /* ';' */
> 	case 0x5C: /* '\\' */
> 	/* Special modifiers in zone files. */
> 	case 0x40: /* '@' */
> 	case 0x24: /* '$' */
> 		return (1);
> 	default:
> 		return (0);
> 	}
> }
> 
> /*
>  * printable(ch)
>  *	Thinking in noninternationalized USASCII (per the DNS spec),
>  *	is this character visible and not a space when printed ?
>  * return:
>  *	boolean.
>  */
> static int
> printable(ch)
> 	int ch;
> {
> 	return (ch > 0x20 && ch < 0x7f);
> }
> 
> /*
>  *	Thinking in noninternationalized USASCII (per the DNS spec),
>  *	convert this character to lower case if it's upper case.
>  */
> static int
> mklower(ch)
> 	int ch;
> {
> 	if (ch >= 0x41 && ch <= 0x5A)
> 		return (ch + 0x20);
> 	return (ch);
> }
> 
> /*
>  * dn_find(domain, msg, dnptrs, lastdnptr)
>  *	Search for the counted-label name in an array of compressed names.
>  * return:
>  *	offset from msg if found, or -1.
>  * notes:
>  *	dnptrs is the pointer to the first name on the list,
>  *	not the pointer to the start of the message.
>  */
> static int
> dn_find(domain, msg, dnptrs, lastdnptr)
> 	const u_char *domain;
> 	const u_char *msg;
> 	const u_char * const *dnptrs;
> 	const u_char * const *lastdnptr;
> {
> 	const u_char *dn, *cp, *sp;
> 	const u_char * const *cpp;
> 	u_int n;
> 
> 	for (cpp = dnptrs; cpp < lastdnptr; cpp++) {
> 		dn = domain;
> 		sp = cp = *cpp;
> 		while ((n = *cp++) != 0) {
> 			/*
> 			 * check for indirection
> 			 */
> 			switch (n & NS_CMPRSFLGS) {
> 			case 0:			/* normal case, n == len */
> 				if (n != *dn++)
> 					goto next;
> 				for ((void)NULL; n > 0; n--)
> 					if (mklower(*dn++) != mklower(*cp++))
> 						goto next;
> 				/* Is next root for both ? */
> 				if (*dn == '\0' && *cp == '\0')
> 					return (sp - msg);
> 				if (*dn)
> 					continue;
> 				goto next;
> 
> 			case NS_CMPRSFLGS:	/* indirection */
> 				cp = msg + (((n & 0x3f) << 8) | *cp);
> 				break;
> 
> 			default:	/* illegal type */
> 				errno = EMSGSIZE;
> 				return (-1);
> 			}
> 		}
>  next: ;
> 	}
> 	errno = ENOENT;
> 	return (-1);
> }
> 
> /* -- From BIND 8.1.1. -- */
diff --recurs m:\bind496rel/res/res_send.c m:\bind497t1/res/res_send.c
58,59c58,59
< static char rcsid[] = "$Id: res_send.c,v 8.13 1997/06/01 20:34:37 vixie Exp $";
< #endif /* LIBC_SCCS and not lint */
---
> static char rcsid[] = "$Id: res_send.c,v 8.14 1998/04/07 04:59:46 vixie Exp $";
> #endif /* LIBC_SCCS and not lint */
61,64c61,64
< 	/* change this to "0"
< 	 * if you talk to a lot
< 	 * of multi-homed SunOS
< 	 * ("broken") name servers.
---
> 	/* change this to "0"
> 	 * if you talk to a lot
> 	 * of multi-homed SunOS
> 	 * ("broken") name servers.
66c66
< #define	CHECK_SRVR_ADDR	1	/* XXX - should be in options.h */
---
> #define	CHECK_SRVR_ADDR	1	/* XXX - should be in options.h */
216a217,218
>  * requires:
>  *	buf + HFIXESDZ <= eom
240a243,244
> 		if (cp + 2 * INT16SZ > eom)
> 			return (-1);
269a274,276
> 	if (buf1 + HFIXEDSZ > eom1 || buf2 + HFIXEDSZ > eom2)
> 		return (-1);
> 
279a287,288
> 		if (cp + 2 * INT16SZ > eom1)
> 			return (-1);
304a314,317
> 	if (anssiz < HFIXEDSZ) {
> 		errno = EINVAL;
> 		return (-1);
> 	}
448a462,472
> 			if (len < HFIXEDSZ) {
> 				/*
> 				 * Undersized message.
> 				 */
> 				Dprint(_res.options & RES_DEBUG,
> 				       (stdout, ";; undersized: %d\n", len));
> 				terrno = EMSGSIZE;
> 				badns |= (1 << ns);
> 				res_close();
> 				goto next_ns;
> 			}
604,605c628,630
< 			if (s+1 > FD_SETSIZE) {
< 				Perror(stderr, "s+1 > FD_SETSIZE", EMFILE);
---
>     wait:
> 			if (s < 0 || s >= FD_SETSIZE) {
> 				Perror(stderr, "s out-of-bounds", EMFILE);
609d633
<     wait:
640a665,676
> 			if (resplen < HFIXEDSZ) {
> 				/*
> 				 * Undersized message.
> 				 */
> 				Dprint(_res.options & RES_DEBUG,
> 				       (stdout, ";; undersized: %d\n",
> 					resplen));
> 				terrno = EMSGSIZE;
> 				badns |= (1 << ns);
> 				res_close();
> 				goto next_ns;
> 			}
diff --recurs m:\bind496rel/shres/linux/Makefile m:\bind497t1/shres/linux/Makefile
1c1
< #ident	   "@(#)bind/shres/linux:$Id: Makefile,v 8.5 1996/09/22 00:13:32 vixie Exp $"
---
> #ident	   "@(#)bind/shres/linux:$Id: Makefile,v 8.1 1998/04/07 05:00:24 vixie Exp $"
Only in m:\bind496rel/shres/sunos: INSTALL.orig
Only in m:\bind496rel/shres/sunos: ISSUES.orig
Only in m:\bind496rel/shres/sunos: PROBLEMS.orig
Only in m:\bind496rel/shres/sunos: makeshlib.orig
Only in m:\bind496rel/tools/nslookup: send.c.orig
