What is the meaning of this code?

Hi,

Below is a implementation of gethostbyname_r:

int gethostbyname_r(const char* name, struct hostent* result,
char *buf, size_t buflen,
struct hostent **RESULT, int *h_errnop) {
size_t L=strlen(name);
result->h_name=buf;
if (buflen<L) { *h_errnop=ERANGE; return
1; } //LINEa
strcpy(buf,name);
#ifdef WANT_INET_ADDR_DNS
result->h_addr_list=(char**)(buf+strlen(name)
+1); //LINEb
result->h_addr_list+=sizeof(unsigned long)-((unsigned long)(result-
h_addr_list)&(sizeof(unsigned long)-1));
result->h_addr_list[0]=(char*)&result-
h_addr_list[2]; //LINEc
if (inet_pton(AF_INET,name,result->h_addr_list[0])) {
result->h_addrtype=AF_INET;
result->h_length=4;
commonip:
result->h_aliases=result->h_addr_list+2*sizeof(char**);
result->h_aliases[0]=0;
result->h_addr_list[1]=0;
*RESULT=result;
*h_errnop=0;
return 0;
} else if (inet_pton(AF_INET6,name,result->h_addr_list[0])) {
result->h_addrtype=AF_INET6;
result->h_length=16;
goto commonip;
}
#endif
#ifdef WANT_ETC_HOSTS
{
struct hostent* r;
while ((r=gethostent_r(buf,buflen))) {
int i;
if (r->h_addrtype==AF_INET && !strcasecmp(r->h_name,name)) { /*
found it! */
found:
memmove(result,r,sizeof(struct hostent));
*RESULT=result;
*h_errnop=0;
endhostent();
return 0;
}
for (i=0; i<16; ++i) {
if (r->h_aliases[i]) {
if (!strcasecmp(r->h_aliases[i],name)) goto found;
} else break;
}
}
endhostent();
}
#endif
return __dns_gethostbyx_r(name,result,buf+L,buflen-L,RESULT,h_errnop,
1);
}

At LINEa, result->h_addr_list is assigned to (char**)(buf+strlen(name)
+1), so
result->h_addr_list[0] is equal to (char*)(buf+strlen(name)+1). But
the memory content at
(char*)(buf+strlen(name)+1) is undefined, right?

At LINEc, result->h_addr_list[2] is undefined, right? Why result-
h_addr_list[2] is assigned to
result->h_addr_list[0]?

LINEa only requires buflen to be larger or equal to strlen(name). If
buf is not large enough, will it cause buffer overflow?

Thanks.

Jack

.

Relevant Pages