|
From: | David Bydeley |
Subject: | [lwip-devel] [bug #41775] DNS_MAX_NAME_LENGTH is not valid compare value for strlen |
Date: | Wed, 05 Mar 2014 02:16:26 +0000 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 |
URL: <http://savannah.nongnu.org/bugs/?41775> Summary: DNS_MAX_NAME_LENGTH is not valid compare value for strlen Project: lwIP - A Lightweight TCP/IP stack Submitted by: dbydeley Submitted on: Wed 05 Mar 2014 02:16:24 AM GMT Category: DNS Severity: 3 - Normal Item Group: Faulty Behaviour Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any Planned Release: lwIP version: 1.4.1 _______________________________________________________ Details: Function dns_gethostbyname uses DNS_MAX_NAME_LENGTH to check if the provided string name is not too long. (strlen(hostname) >= DNS_MAX_NAME_LENGTH) Function dns_send uses DNS_MAX_NAME_LENGTH to allocate a packet buffer large enough to hold the query format of the name. While the string check in dns_gethostbyname does cover for the needed NULL termination (>=) it does not account for the additional first segment length byte at the beginning of the DNS name query. Therefor a hostname string of DNS_MAX_NAME_LENGTH-1 will pass the check in dns_gethostbyname, but will result in an overrun of one character when you "convert hostname into suitable query format" in dns_send. _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?41775> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |