From: Jeremy Allison Date: Mon, 30 Apr 2012 23:32:51 +0000 (-0700) Subject: Fix the loop unrolling inside resolve_ads(). X-Git-Tag: samba-3.5.16~23 X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=e4d9909be5f7c8c022d2ee22d3259a6b412d4fc9 Fix the loop unrolling inside resolve_ads(). If we don't get an IP list don't use interpret_string_addr(), as this only returns one address, use interpret_string_addr_internal() instead. The last 4 patches address bug #8910 (resolve_ads() code can return zero addresses and miss valid DC IP addresses). (cherry picked from commit b9d3f8258396873d6ec8b6ea9ad066e2f1f8e973) --- diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 671cb76caad..af76f3f85db 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -1287,7 +1287,7 @@ static NTSTATUS resolve_ads(const char *name, struct ip_service **return_iplist, int *return_count) { - int i, j; + int i; NTSTATUS status; TALLOC_CTX *ctx; struct dns_rr_srv *dcs = NULL; @@ -1336,7 +1336,11 @@ static NTSTATUS resolve_ads(const char *name, } for (i=0;iport = dcs[i].port; - - /* If we don't have an IP list for a name, lookup it up */ + for (i = 0; i < numdcs; i++) { + /* If we don't have an IP list for a name, look it up */ if (!dcs[i].ss_s) { - interpret_string_addr(&r->ss, dcs[i].hostname, 0); - i++; - j = 0; - } else { - /* use the IP addresses from the SRV sresponse */ - - if ( j >= dcs[i].num_ips ) { - i++; - j = 0; + /* We need to get all IP addresses here. */ + struct addrinfo *res = NULL; + struct addrinfo *p; + int extra_addrs = 0; + + if (!interpret_string_addr_internal(&res, + dcs[i].hostname, + 0)) { continue; } - - r->ss = dcs[i].ss_s[j]; - j++; - } - - /* make sure it is a valid IP. I considered checking the - * negative connection cache, but this is the wrong place - * for it. Maybe only as a hack. After think about it, if - * all of the IP addresses returned from DNS are dead, what - * hope does a netbios name lookup have ? The standard reason - * for falling back to netbios lookups is that our DNS server - * doesn't know anything about the DC's -- jerry */ - - if (!is_zero_addr((struct sockaddr *)&r->ss)) { - (*return_count)++; + /* Add in every IP from the lookup. How + many is that ? */ + for (p = res; p; p = p->ai_next) { + if (is_zero_addr((struct sockaddr *)p->ai_addr)) { + continue; + } + extra_addrs++; + } + if (extra_addrs > 1) { + /* We need to expand the return_iplist array + as we only budgeted for one address. */ + numaddrs += (extra_addrs-1); + *return_iplist = SMB_REALLOC_ARRAY(*return_iplist, + struct ip_service, + numaddrs); + if (*return_iplist == NULL) { + if (res) { + freeaddrinfo(res); + } + talloc_destroy(ctx); + return NT_STATUS_NO_MEMORY; + } + } + for (p = res; p; p = p->ai_next) { + (*return_iplist)[*return_count].port = dcs[i].port; + memcpy(&(*return_iplist)[*return_count].ss, + p->ai_addr, + p->ai_addrlen); + if (is_zero_addr((struct sockaddr *)&(*return_iplist)[*return_count].ss)) { + continue; + } + (*return_count)++; + /* Should never happen, but still... */ + if (*return_count>=numaddrs) { + break; + } + } + if (res) { + freeaddrinfo(res); + } + } else { + /* use all the IP addresses from the SRV sresponse */ + int j; + for (j = 0; j < dcs[i].num_ips; j++) { + (*return_iplist)[*return_count].port = dcs[i].port; + (*return_iplist)[*return_count].ss = dcs[i].ss_s[j]; + if (is_zero_addr((struct sockaddr *)&(*return_iplist)[*return_count].ss)) { + continue; + } + (*return_count)++; + /* Should never happen, but still... */ + if (*return_count>=numaddrs) { + break; + } + } } }