From 94d6be4538a465a3740cc2c9d8f05336d6b24e2c Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Debian Linux)" <rob@synchro.net>
Date: Sun, 4 Jun 2023 12:00:30 -0700
Subject: [PATCH] Fix more potential null-ptr-derefs in use of gethostbyname()

No known sightings of these sites actually being the location of a segfault,
but as we learned from the segfaults in rblchk(), the first entry in the
h_addr_list can be NULL in some cases.
---
 src/sbbs3/ftpsrvr.c  | 3 ++-
 src/sbbs3/mailsrvr.c | 3 +++
 src/sbbs3/main.cpp   | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/sbbs3/ftpsrvr.c b/src/sbbs3/ftpsrvr.c
index 097a6b028d..ef797ff3d6 100644
--- a/src/sbbs3/ftpsrvr.c
+++ b/src/sbbs3/ftpsrvr.c
@@ -3024,7 +3024,8 @@ static void ctrl_thread(void* arg)
 				ip_addr=0;
 				/* TODO: IPv6 this here lookup */
 				if(startup->options&FTP_OPT_LOOKUP_PASV_IP
-					&& (host=gethostbyname(server_host_name()))!=NULL)
+					&& (host=gethostbyname(server_host_name()))!=NULL
+					&& host->h_addr_list[0] != NULL)
 					ip_addr=ntohl(*((ulong*)host->h_addr_list[0]));
 				if(ip_addr==0 && (ip_addr=startup->pasv_ip_addr.s_addr)==0)
 					ip_addr=ntohl(pasv_addr.in.sin_addr.s_addr);
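Review bot: The added `host->h_addr_list[0] != NULL` test and the dereference on the next line both read the `hostent` returned by gethostbyname(), which on glibc is static storage shared between threads. In `ctrl_thread` a concurrent lookup on another thread could, in principle, replace that list between the test and the read, so the guard narrows the window but does not close it. Whether lookups are serialized elsewhere is not visible in this hunk. If they are not, copy the address out under a lock or move to getaddrinfo(), which the existing IPv6 TODO would need anyway. Until then, a comment such as `/* gethostbyname() result is shared static data; not safe against concurrent lookups */` would record the limitation. The body of `ctrl_thread` starts and ends outside the hunk.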
diff --git a/src/sbbs3/mailsrvr.c b/src/sbbs3/mailsrvr.c
index 95de34bdd3..896b91961e 100644
--- a/src/sbbs3/mailsrvr.c
+++ b/src/sbbs3/mailsrvr.c
@@ -943,6 +943,9 @@ static u_long resolve_ip(const char *inaddr)
 	if((host=gethostbyname(inaddr))==NULL)
 		return((u_long)INADDR_NONE);
 
+	if(host->h_addr_list[0] == NULL)
+		return (u_long)INADDR_NONE;
+
 	return(*((ulong*)host->h_addr_list[0]));
 }
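Review bot: The `return(*((ulong*)host->h_addr_list[0]));` that the new guard protects still reads `sizeof(ulong)` bytes without checking what kind of address it points at. If `ulong` is `unsigned long`, that is 8 bytes on LP64 Linux, so the read runs 4 bytes past an IPv4 address and the returned `u_long` carries unrelated upper bits. Consider extending the guard to `if(host->h_addr_list[0] == NULL || host->h_addrtype != AF_INET || host->h_length != sizeof(struct in_addr))` and copying the address with `memcpy` into a 32-bit variable rather than casting the pointer. The same cast appears in `resolve_ip()` in main.cpp and in the `ntohl(...)` line in ftpsrvr.c. The start of this function is outside the hunk.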
 
diff --git a/src/sbbs3/main.cpp b/src/sbbs3/main.cpp
index a699d961a2..0aeb7a3a2a 100644
--- a/src/sbbs3/main.cpp
+++ b/src/sbbs3/main.cpp
@@ -381,6 +381,8 @@ u_long resolve_ip(char *addr)
 		return(inet_addr(addr));
 	if((host=gethostbyname(addr))==NULL)
 		return((u_long)INADDR_NONE);
+	if(host->h_addr_list[0] == NULL)
+		return (u_long)INADDR_NONE;
 	return(*((ulong*)host->h_addr_list[0]));
 }
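Review bot: The reason `h_addr_list[0]` can be NULL after a successful gethostbyname() is recorded only in the commit message, so the new check in `resolve_ip()` would benefit from a comment such as `/* gethostbyname() can succeed with an empty address list (seen in rblchk) */`. Nearly the same function body now exists here and in mailsrvr.c. A single shared helper would let a fix like this one land once instead of per copy. The start of the function is outside the hunk.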
 
-- 
GitLab