Fix netd crash on gethostbyname(NULL) and add a regression test
Bug: 169105756
Change-Id: I923d28d5bb83c3db0927dffffd3063e3add6a91a
diff --git a/gethnamaddr.cpp b/gethnamaddr.cpp
index 23f94bb..6a5f116 100644
--- a/gethnamaddr.cpp
+++ b/gethnamaddr.cpp
@@ -388,8 +388,11 @@
int resolv_gethostbyname(const char* name, int af, hostent* hp, char* buf, size_t buflen,
const android_net_context* netcontext, hostent** result,
NetworkDnsEventReported* event) {
- getnamaddr info;
+ if (name == nullptr || hp == nullptr) {
+ return EAI_SYSTEM;
+ }
+ getnamaddr info;
ResState res;
res_init(&res, netcontext, event);
diff --git a/tests/resolv_integration_test.cpp b/tests/resolv_integration_test.cpp
index b53d2ba..8849720 100644
--- a/tests/resolv_integration_test.cpp
+++ b/tests/resolv_integration_test.cpp
@@ -393,7 +393,7 @@
result = gethostbyname("nonexistent");
EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
ASSERT_TRUE(result == nullptr);
- ASSERT_EQ(HOST_NOT_FOUND, h_errno);
+ EXPECT_EQ(HOST_NOT_FOUND, h_errno);
dns.clearQueries();
result = gethostbyname("hello");
@@ -405,6 +405,19 @@
EXPECT_TRUE(result->h_addr_list[1] == nullptr);
}
+TEST_F(ResolverTest, GetHostByName_NULL) {
+ // Most libc implementations would just crash on gethostbyname(NULL). Instead, Bionic
+ // serializes the null argument over dnsproxyd, causing the server-side to crash!
+ // This is a regression test.
+ const char* const testcases[] = {nullptr, "", "^"};
+ for (const char* name : testcases) {
+ SCOPED_TRACE(fmt::format("gethostbyname({})", name ? name : "NULL"));
+ const hostent* result = gethostbyname(name);
+ EXPECT_TRUE(result == nullptr);
+ EXPECT_EQ(HOST_NOT_FOUND, h_errno);
+ }
+}
+
TEST_F(ResolverTest, GetHostByName_cnames) {
constexpr char host_name[] = "host.example.com.";
size_t cnamecount = 0;