From 50346b1d0fcd69a0be37fc5dfd2f5ec65ae58c28 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Tue, 21 Sep 2021 23:45:30 +0200
Subject: Fix false-positive out of bounds in dns.c
---
 src/dns.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/dns.c b/src/dns.c
index 95baf56..05718c5 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -163,10 +163,10 @@ int dns_parse_packet ( char* _buffer, int _bufflen, dns_message_t* _msg )
 qsize = sizeof(*(_msg->question)) * (unsigned)_msg->question_count;
 _msg->question_count = _msg->header.question_count;
 _msg->question = malloc ( qsize );
- memset( _msg->question, 0, qsize );
 if (!_msg->question) /* malloc failed */
 return 1;
+ memset( _msg->question, 0, qsize );
 ptr = 12; /* byte counter */
@@ -181,7 +181,8 @@ int dns_parse_packet ( char* _buffer, int _bufflen, dns_message_t* _msg )
 _msg->question[i].qname_len = qname_len;
 ptr += qname_len;
- if( ptr >= (_bufflen - 4) ) /* Out of bounds check */
+ /* TODO this is fishy. should be 4, only works with 3 */
+ if( ptr >= (_bufflen - 3) ) /* Out of bounds check */
 return 1;
 _msg->question[i].qtype = (uint16_t)((uint8_t)*(_buffer + ptr) << 8) | ((uint8_t)*(_buffer + ptr + 1));
@@ -295,7 +296,6 @@ int qname_check( char* _source, int _sourcelen )
 int next_dot = 0;
 int i = 0;
- /* TODO Bounds checking!! */
 if (!_sourcelen)
 return -1;
--
cgit v1.2.3
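Review bot: In the `@@ -163,10` hunk of dns_parse_packet, `qsize` is still computed from `_msg->question_count` one line before that field is loaded from `_msg->header.question_count`, so the allocation is sized from whatever the field held earlier. Unless the field is already set above the hunk, a packet whose header announces more questions than that stale value can make the later `_msg->question[i]` stores (the loop bound is outside the hunk) run past the allocation. Assign the count first, `_msg->question_count = _msg->header.question_count;` and then `qsize = sizeof(*(_msg->question)) * (unsigned)_msg->question_count;`. A single `calloc(_msg->question_count, sizeof(*(_msg->question)))` would also cover the zeroing that this commit moves behind the NULL check. The function starts and ends outside the hunk.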
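Review bot: The TODO added above the bounds check in the `@@ -181,7` hunk is misleading, because `ptr >= (_bufflen - 3)` is the correct bound, not a workaround. The two QTYPE bytes read here and, presumably, two QCLASS bytes read just past the hunk need `ptr..ptr+3` inside the buffer, and for integers the new test equals `ptr + 4 > _bufflen`; the old `- 4` rejected a question ending exactly on the last byte. I would state the requirement directly and drop the TODO: `if (_bufflen - ptr < 4) /* QTYPE + QCLASS must fit */`. The declaration of `ptr` is outside the hunk; if it is unsigned, or `_bufflen` can be smaller than 3, the comparison converts a negative value and lets the read through, so confirm the types and that a minimum packet length is enforced earlier.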