diff options
| author | Oto Šťáva <oto.stava@nic.cz> | 2022-10-20 13:06:31 +0200 |
|---|---|---|
| committer | Oto Šťáva <oto.stava@nic.cz> | 2022-10-25 07:54:27 +0200 |
| commit | 373f49f0813ffa3476c5f9d59f06c1cbd220d64c (patch) | |
| tree | d8f53ad661b1ba408adc21e1aa95201668eebb7b /daemon | |
| parent | Merge !1349: modules/dns64: add recommendation to also disable DNS64 via IPv4 (diff) | |
| download | knot-resolver-373f49f0813ffa3476c5f9d59f06c1cbd220d64c.tar.xz knot-resolver-373f49f0813ffa3476c5f9d59f06c1cbd220d64c.zip | |
daemon/network: fix heap-buffer-overflow in endpoint key generation
Reproducible by listening on an interface by name, ASAN reports a
heap-buffer-overflow. This was a regression caused by !1286, which did
not account for null-terminators properly.
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/network.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/daemon/network.c b/daemon/network.c index 66809dff..1a54a4f8 100644 --- a/daemon/network.c +++ b/daemon/network.c @@ -302,6 +302,8 @@ void network_deinit(struct network *net) } } +/** Creates an endpoint key for use with a `trie_t` and stores it into `dst`. + * Returns the actual length of the generated key. */ static ssize_t endpoint_key_create(struct endpoint_key_storage *dst, const char *addr_str, const struct sockaddr *sa) @@ -317,8 +319,11 @@ static ssize_t endpoint_key_create(struct endpoint_key_storage *dst, } else { struct endpoint_key_ifname *key = &dst->ifname; key->type = ENDPOINT_KEY_IFNAME; + + /* The subtractions and additions of 1 are here to account for + * null-terminators. */ strncpy(key->ifname, addr_str, sizeof(key->ifname) - 1); - return sizeof(struct endpoint_key) + strnlen(key->ifname, sizeof(key->ifname)); + return sizeof(struct endpoint_key) + strlen(key->ifname) + 1; } } |