Ticket #47835 - Coverity: 12687..12692

12690 - Unbounded source buffer
Description: To solve "Passing string hp->h_name of unknown size to
slapi_ch_strdup, which expects a string of a particular size", get
HOST_NAME_MAX and pass it to slapi_ch_strndup, which is added for
passing the maximum size to strndup.

Reviewed by [email protected] (Thanks, Rich!)

https://fedorahosted.org/389/ticket/47835

ldap/servers/slapd/ch_malloc.c

@@ -301,6 +301,43 @@ slapi_ch_strdup ( const char* s1)
 #endif
     return newmem;
 }
+
+char*
+slapi_ch_strndup ( const char* s1, size_t n)
+{
+    char* newmem;
+    
+    /* strdup pukes on NULL strings...bail out now */
+    if ((NULL == s1) || (0 == n)) {
+        return NULL;
+    }
+    newmem = strndup (s1, n);
+    if (newmem == NULL) {
+        int oserr = errno;
+        oom_occurred();
+
+        slapi_log_error( SLAPI_LOG_FATAL, SLAPD_MODULE,
+            "strdup of %lu characters failed; OS error %d (%s)%s\n",
+            (unsigned long)n, oserr, slapd_system_strerror( oserr ),
+            oom_advice );
+        exit (1);
+    }
+    if(!counters_created)
+    {
+        create_counters();
+        counters_created= 1;
+    }
+    PR_INCREMENT_COUNTER(slapi_ch_counter_strdup);
+    PR_INCREMENT_COUNTER(slapi_ch_counter_created);
+    PR_INCREMENT_COUNTER(slapi_ch_counter_exist);
+#if defined(_WIN32) && defined(DEBUG)
+    if(recording)
+    {
+        add_memory_record(newmem,strlen(s1)+1);
+    }
+#endif
+    return newmem;
+}
 #endif /* !MEMPOOL_EXPERIMENTAL */
 
 struct berval*

ldap/servers/slapd/localhost.c

@@ -119,8 +119,9 @@ find_localhost_DNS()
 	return NULL;
     }
     if (strchr (hp->h_name, '.') != NULL) {
+	long host_name_max = sysconf(_SC_HOST_NAME_MAX);
 	LDAPDebug (LDAP_DEBUG_CONFIG, "h_name == %s\n", hp->h_name, 0, 0);
-	return slapi_ch_strdup (hp->h_name);
+	return slapi_ch_strndup (hp->h_name, host_name_max);
     } else if (hp->h_aliases != NULL) {
 	for (alias = hp->h_aliases; *alias != NULL; ++alias) {
 	    if (strchr  (*alias, '.') != NULL &&

ldap/servers/slapd/slapi-plugin.h

@@ -5799,6 +5799,7 @@ char * slapi_ch_malloc( unsigned long size );
 char * slapi_ch_realloc( char *block, unsigned long size );
 char * slapi_ch_calloc( unsigned long nelem, unsigned long size );
 char * slapi_ch_strdup( const char *s );
+char * slapi_ch_strndup( const char *s, size_t size );
 void slapi_ch_free( void **ptr );
 void slapi_ch_free_string( char **s );
 struct berval*  slapi_ch_bvdup(const struct berval*);