tcpdump mailing list archives

getname() vulnerability


From: Jonathan Heusser <jonny () drugphish ch>
Date: Fri, 13 Feb 2004 17:35:00 +0100

Hello,

addrtoname.c:getname() does not check its argument. Assuming the argument is e.g. NULL,
calling the function leads to a segmentation fault in memcpy(),
which is problematic since it is heavily used, either as getname() or ipaddr_string().

I found at least one place where this bug can be triggered, that
is in print-isakmp.c:isakmp_id_print() line 707.

If I'm not wrong, this problem affects all versions, including CVS.
A patch is attached.

thanks,
jonathan heusser

--
Key fingerprint = 2A55 EB7C B7EA 6336 7767  4A47 910A 307B 1333 BD6C
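The report describes a lookup routine that copies bytes out of the packet without first checking that they exist. The following is an added illustration, not part of Jonathan's message and not tcpdump's own code: a constructed snapend-style bounds test, a hypothetical checked counterpart of getname() that returns NULL on out-of-capture or NULL input, and a caller-side wrapper that turns that NULL into a fixed truncation marker so dissectors never hand NULL to a "%s" format. The six-byte sample capture, the names in_capture, safe_getname and ipaddr_string_checked, and the "[|ip]" marker are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for tcpdump's end-of-capture pointer (snapend). */
static const unsigned char *snapend;

/* Constructed sample capture: exactly six bytes, so a 4-byte read is only
   valid at offsets 0, 1 and 2. */
static const unsigned char pkt[] = { 10, 0, 0, 1, 0xAA, 0xBB };

void init_capture(void)
{
    snapend = pkt + sizeof(pkt);
}

/* Bounds check in the spirit of TTEST2: true only when l bytes starting at p
   lie inside the capture.  Unlike a bare pointer-range comparison it also
   rejects NULL, the argument value the report says crashes memcpy(). */
int in_capture(const unsigned char *p, size_t l)
{
    if (p == NULL || snapend == NULL || p > snapend)
        return 0;
    return (size_t)(snapend - p) >= l;
}

/* Hypothetical checked counterpart of getname(): copies the address out of
   the packet only after the bounds test, formats it as a dotted quad, and
   returns NULL when the bytes are not there to read. */
const char *safe_getname(const unsigned char *ap, char *buf, size_t buflen)
{
    uint32_t addr;

    if (!in_capture(ap, sizeof(addr)))
        return NULL;
    memcpy(&addr, ap, sizeof(addr));
    const unsigned char *b = (const unsigned char *)&addr;
    snprintf(buf, buflen, "%u.%u.%u.%u", b[0], b[1], b[2], b[3]);
    return buf;
}

/* Caller-side wrapper: a NULL from the lookup becomes a tcpdump-style
   truncation marker, so a printf("%s", ...) in a dissector never sees NULL. */
const char *ipaddr_string_checked(const unsigned char *ap, char *buf, size_t buflen)
{
    const char *s = safe_getname(ap, buf, buflen);
    return s != NULL ? s : "[|ip]";
}

int main(void)
{
    char buf[32];

    init_capture();
    printf("offset 0: %s\n", ipaddr_string_checked(pkt, buf, sizeof buf));
    printf("offset 3: %s\n", ipaddr_string_checked(pkt + 3, buf, sizeof buf));
    printf("NULL:     %s\n", ipaddr_string_checked(NULL, buf, sizeof buf));
    return 0;
}
```

The point of the wrapper is that a bounds check inside the lookup is only half the fix: once the lookup can return NULL, every caller that formats the result must either check for it or receive something printable instead.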

--- addrtoname.c.old    Fri Feb 13 17:29:54 2004
+++ addrtoname.c        Fri Feb 13 17:32:45 2004
@@ -203,6 +203,10 @@
        u_int32_t addr;
        static struct hnamemem *p;              /* static for longjmp() */
 
+       if(!TTEST2(*ap, sizeof(addr))) {
+               return NULL;
+       }
+
        memcpy(&addr, ap, sizeof(addr));
        p = &hnametable[addr & (HASHNAMESIZE-1)];
        for (; p->nxt; p = p->nxt) {
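Review bot: the guard added at the top of the hunk, `if(!TTEST2(*ap, sizeof(addr)))`, is a capture-bounds test, while the report is about a NULL argument; whether TTEST2 rejects a NULL pointer depends on its definition, which is not visible in this hunk, so an explicit `if (ap == NULL) return NULL;` next to it would make the intent unambiguous. Returning NULL from getname() also moves the failure to every caller that hands the result to a "%s" format, via getname() or ipaddr_string(): either those callers need a NULL check in the same patch, or getname() should return a fixed truncation string rather than NULL. Minor style point: `if(` without a space differs from the surrounding code (`for (; p->nxt; ...)`).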
