[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] Invalid memory references when using lwip_gethostbyname()
|
From: |
Bjoern Doebel |
|
Subject: |
[lwip-devel] Invalid memory references when using lwip_gethostbyname() |
|
Date: |
Mon, 17 May 2010 08:45:21 +0200 |
Hello again,
another issue I came across might be in lwip_gethostbyname() in api/netdb.c.
gethostbyname() returns a hostent containing a NULL-terminated list of
IP addresses. When building lwip with LWIP_DNS_API_HOSTENT_STORAGE ==
0, the hostent returned from lwip_gethostbyname() is a statically
allocated entry in this function and entry's h_addr_list pointer is
set to point to another single statically allocated object. This lacks
the explicit final NULL entry in h_addr_list and potentially (and in
my case really) leads to invalid memory accesses due to calling code
running through this list in search for a terminating NULL.
My current fix is:
Index: src/api/netdb.c
===================================================================
RCS file: /sources/lwip/lwip/src/api/netdb.c,v
retrieving revision 1.17
diff -u -r1.17 netdb.c
--- src/api/netdb.c 16 Mar 2010 15:14:14 -0000 1.17
+++ src/api/netdb.c 17 May 2010 06:45:07 -0000
@@ -91,7 +91,7 @@
HOSTENT_STORAGE struct hostent s_hostent;
HOSTENT_STORAGE char *s_aliases;
HOSTENT_STORAGE ip_addr_t s_hostent_addr;
- HOSTENT_STORAGE ip_addr_t *s_phostent_addr;
+ HOSTENT_STORAGE ip_addr_t *s_phostent_addr[2] = { 0 };
/* query host IP address */
err = netconn_gethostbyname(name, &addr);
@@ -103,7 +103,7 @@
/* fill hostent */
s_hostent_addr = addr;
- s_phostent_addr = &s_hostent_addr;
+ s_phostent_addr[0] = &s_hostent_addr;
s_hostent.h_name = (char*)name;
s_hostent.h_aliases = &s_aliases;
s_hostent.h_addrtype = AF_INET;
Regards,
Bjoern
- [lwip-devel] Invalid memory references when using lwip_gethostbyname(),
Bjoern Doebel <=