author | Will Storey <will@summercat.com> | 2017-10-09 12:50:04 -0700 |
---|---|---|
committer | Will Storey <will@summercat.com> | 2017-10-09 12:50:04 -0700 |
commit | 4ccff71f678f79da71713a29d8528812379bb584 (patch) | |
tree | 456088e7ff1f9e2a2098c66d841e6864b2643e5d /src/core | |
parent | 016fd344362ddcc4b1a0781df9ac2416acc54e69 (diff) | |
download | irssi-4ccff71f678f79da71713a29d8528812379bb584.zip |

Set host to an empty string on error

While investigating #317, I noticed that it was possible we would access
an uninitialized buffer due to failing to check the return value of
net_ip2host(). This is done in several places. To make such uses safe,
set the host buffer to an empty string on error. It is possible callers
could be improved by handling the error in each spot, but this gives us
some safety.

Diffstat (limited to 'src/core')

-rw-r--r-- | src/core/network.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/core/network.c b/src/core/network.c index 4494dbc6..8d9c6b06 100644 --- a/src/core/network.c +++ b/src/core/network.c @@ -489,7 +489,16 @@ int net_gethostbyaddr(IPADDR *ip, char **name) int net_ip2host(IPADDR *ip, char *host) { - return inet_ntop(ip->family, &ip->ip, host, MAX_IP_LEN) ? 0 : -1; + if (inet_ntop(ip->family, &ip->ip, host, MAX_IP_LEN)) { + return 0; + } + + // For callers that do not check our return value and pass in an + // uninitialized buffer assuming it will be set, ensure the buffer is a valid + // string. Ideally callers should check what we return and handle + // appropriately, but this at least gives us safety. + host[0] = '\0'; + return -1; } int net_host2ip(const char *host, IPADDR *ip) |
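
Review bot: In the new failure branch of net_ip2host(), `host[0] = '\0';` makes the buffer a valid string, but a caller that ignores the return value will now continue with an empty host and nothing records that inet_ntop() failed. The contract is currently stated only in a comment inside the function body; I would move it above the function, where callers will see it, and spell it out: host must have room for MAX_IP_LEN bytes, and on failure the function returns -1 and leaves host as the empty string. As a follow-up, each call site that passes an uninitialized buffer should check the return value, as the added comment itself recommends, so that an empty host is handled deliberately and not treated as a real address string.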