|
| From: | David Bydeley |
| Subject: | [lwip-devel] [bug #41775] DNS_MAX_NAME_LENGTH is not valid compare value for strlen |
| Date: | Wed, 05 Mar 2014 02:16:26 +0000 |
| User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?41775>
Summary: DNS_MAX_NAME_LENGTH is not valid compare value for
strlen
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: dbydeley
Submitted on: Wed 05 Mar 2014 02:16:24 AM GMT
Category: DNS
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release:
lwIP version: 1.4.1
_______________________________________________________
Details:
Function dns_gethostbyname uses DNS_MAX_NAME_LENGTH to check if the provided
string name is not too long.
(strlen(hostname) >= DNS_MAX_NAME_LENGTH)
Function dns_send uses DNS_MAX_NAME_LENGTH to allocate a packet buffer large
enough to hold the query format of the name.
While the string check in dns_gethostbyname does cover for the needed NULL
termination (>=) it does not account for the additional first segment length
byte at the beginning of the DNS name query.
Therefor a hostname string of DNS_MAX_NAME_LENGTH-1 will pass the check in
dns_gethostbyname, but will result in an overrun of one character when you
"convert hostname into suitable query format" in dns_send.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?41775>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |