Re: [PATCH 11/14] dns: reset data->naddresses for every packet we receiv
From: Andrei Borzenkov
Subject: Re: [PATCH 11/14] dns: reset data->naddresses for every packet we receive
Date: Sat, 13 Feb 2016 19:05:04 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
11.02.2016 00:21, Josef Bacik wrote:
> I noticed when debugging a problem that we'd corrupt memory if our dns server
> didn't respond fast enough and we ended up asking for both an AAAA and A record
> for a server. The problem is we alloc data->addresses based on the number of
> addresses in the packet, but we populate it based on data->naddresses. So we
> get the AAAA record with one address, and we add that, then we get the A record
> with one address and now data->naddresses == 1 but the ancount is 1, so we
> allocate data->addresses to hold one address but write the new address outside
> the array. We also leak the old addresses memory. So fix this by noticing if
> we already have an address and free the old memory and reset naddresses so we
> don't overflow our new array.
>
> Signed-off-by: Josef Bacik <address@hidden>
> ---
> grub-core/net/dns.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
> index 86e609b..7a6c4b4 100644
> --- a/grub-core/net/dns.c
> +++ b/grub-core/net/dns.c
> @@ -276,6 +276,9 @@ recv_hook (grub_net_udp_socket_t sock __attribute__
> ((unused)),
> ptr++;
> ptr += 4;
> }
> + if (*data->naddresses)
> + grub_free (*data->addresses);
> + *data->naddresses = 0;
> *data->addresses = grub_malloc (sizeof ((*data->addresses)[0])
> * grub_be_to_cpu16 (head->ancount));
Hmm ... cannot we resize it?
  *data->addresses = grub_realloc (*data->addresses,
      sizeof ((*data->addresses)[0])
      * (*data->naddresses += grub_be_to_cpu16 (head->ancount)))
as adjusted to not leak old pointer.
This way answers we got before would not be lost.
> if (!*data->addresses)
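Review bot: the added "*data->naddresses = 0" discards any addresses stored from an earlier response, so in the AAAA-then-A case described in the commit message only the later answer survives; if both results are wanted, the array should be grown and sized by the existing count plus head->ancount, with the count advanced only as entries are stored. Separately, the grub_free call is guarded by *data->naddresses rather than by the pointer, so if an earlier packet allocated the array but stored no addresses, that buffer is still leaked when grub_malloc overwrites *data->addresses; keying the free on the pointer itself would cover that case.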
>
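The growth approach raised in the reply, as an added example that is not GRUB code and not code from either poster: the array is sized by the old count plus the new answers, the old pointer is kept until the reallocation succeeds, and the count advances only as each slot is written. The names struct addr, struct result, append_answers and the sample addresses are hypothetical, and plain realloc/free stand in for GRUB's allocator.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the resolver state; these are not GRUB's types. */
struct addr { uint8_t bytes[16]; uint8_t len; };
struct result { struct addr *addresses; size_t naddresses; };

/* Append the answers of one response to what earlier responses stored.
   Returns 0 on success, -1 on failure (the existing result is left intact). */
static int
append_answers (struct result *r, const struct addr *answers, size_t ancount)
{
  struct addr *grown;
  size_t i;

  if (ancount == 0)
    return 0;
  if (ancount > SIZE_MAX / sizeof (*grown) - r->naddresses)
    return -1;                  /* size computation would overflow */
  /* Size by old count + new count; do not overwrite the old pointer
     until the reallocation has succeeded, so nothing is leaked. */
  grown = realloc (r->addresses, (r->naddresses + ancount) * sizeof (*grown));
  if (!grown)
    return -1;
  r->addresses = grown;
  /* The write index and the allocation size now agree by construction. */
  for (i = 0; i < ancount; i++)
    r->addresses[r->naddresses++] = answers[i];
  return 0;
}

/* Constructed scenario: an AAAA response, then a late A response. */
static size_t
demo_two_responses (void)
{
  struct result r = { NULL, 0 };
  struct addr aaaa = { { 0x20, 0x01, 0x0d, 0xb8 }, 16 };   /* constructed */
  struct addr a = { { 192, 0, 2, 1 }, 4 };                 /* constructed */
  size_t n = 0;

  if (append_answers (&r, &aaaa, 1) == 0 && append_answers (&r, &a, 1) == 0
      && r.addresses[0].len == 16 && r.addresses[1].len == 4)
    n = r.naddresses;           /* both answers kept, in arrival order */
  free (r.addresses);
  return n;
}

int main (void) { return demo_two_responses () == 2 ? 0 : 1; }
```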