I can't be 100% sure, but isn't the host-alias handling
in lib/hostip.c a bit unsafe? I tried consulting the HP/UX
man-pages, but it doesn't say what 'h_aliases' should be if
there are no aliases (NULL or an array of NULLs).

Around line 455, cURL references 'h_aliases[i]', but on the stack
here, 'h_aliases' is NULL which causes a crash. Why not be a bit
conservative here?

Was:
  for (i = 0; orig->h_aliases[i] != NULL; ++i);

Should IMHO be:
  for (i = 0; orig->h_aliases && orig->h_aliases[i] != NULL; ++i);

And:
  /* Clone all known aliases */
  if (orig->h_aliases)
     for(i = 0; (str = orig->h_aliases[i]); i++) {

Sorry, no diffs. I deleted the original.

Gisle V.

-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
Received on 2003-05-19