this bug was introduced in the recent resolver overhaul commits. it
likely had visible symptoms. these were probably limited to wrongly
accepting truncated versions of over-long names (vs rejecting them),
as opposed to stack-based overflows or anything more severe, but no
extensive checks were made. there have been no releases where this bug
was present.
static int is_valid_hostname(const char *host)
{
const unsigned char *s;
- if (strnlen(host, 255)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
+ if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
return !*s;
}
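Review bot: The length test on the added line is correct but opaque and deserves a comment. `strnlen(host, 256)-1 > 254` rejects the empty string (0-1 wraps to SIZE_MAX) and anything longer than 255 bytes, and it only works while the strnlen bound stays one above the largest accepted length, which is exactly the off-by-one this commit fixes. Something like `/* accept 1..255 bytes; size_t wraparound rejects "" */` above the `if` would make that explicit. Once the byte length is capped at 255, mbstowcs cannot count more than 255 wide characters, so the `> 255` arm appears to fire only on the `(size_t)-1` error return for an invalid multibyte sequence, which is also worth stating. The same strnlen expression is repeated in the name-copy hunk below, so a shared named constant would keep the two bounds from drifting apart.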
*canon = 0;
if (name) {
size_t l;
- if ((l = strnlen(name, 255))-1 > 254)
+ if ((l = strnlen(name, 256))-1 > 254)
return EAI_NONAME;
memcpy(canon, name, l+1);
}
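Review bot: With the corrected bound `l` can be as large as 255, so `memcpy(canon, name, l+1)` writes up to 256 bytes, and nothing in the hunk ties that to the size of `canon`, whose declaration is outside the hunk. If the buffer is 256 bytes, the longest accepted name fills it exactly, leaving no slack for a later change to either number. A comment before the memcpy such as `/* l <= 255 here, so at most 256 bytes are copied; canon must be at least that large */`, or a named constant shared with the buffer declaration, would let a reader verify the bound locally. The enclosing function begins and ends outside the hunk.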