[riot-notifications] [RIOT-OS/RIOT] sock_dns: fix out-of-bound errors (#10740)

Kaspar Schleiser notifications at github.com
Wed Jan 9 23:41:52 CET 2019


kaspar030 commented on this pull request.



>          /* skip unwanted answers */
         if ((class != DNS_CLASS_IN) ||
                 ((_type == DNS_TYPE_A) && (family == AF_INET6)) ||
                 ((_type == DNS_TYPE_AAAA) && (family == AF_INET)) ||
                 ! ((_type == DNS_TYPE_A) || ((_type == DNS_TYPE_AAAA))
                     )) {
+            if ((bufpos + addrlen) < buf) {
+                /* buffer wraps around memory space */
+                return -EBADMSG;
+            }
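
Review bot: The added check `(bufpos + addrlen) < buf` depends on pointer arithmetic wrapping around, and in C forming a pointer more than one element past the end of the buffer is undefined behaviour, so a compiler may assume the comparison is always false and remove it. By itself it also only catches an `addrlen` large enough to wrap the address space, not one that merely runs past the end of the packet. Suggest comparing `addrlen` against the number of bytes remaining after `bufpos`, so nothing is added to the pointer before the length has been validated.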

Just checking if ```addrlen > len``` should be sufficient to check if addrlen would cause overflow.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/10740#discussion_r246574249
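
The length-based check discussed in the comment above, as an added C example that is not code from the pull request or from RIOT. The helper name `rr_skip`, its offset-based signature and the sample record are assumptions made for illustration; only `buf`, `len` and `addrlen` echo names used in the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RR_FIXED_LEN 10u /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */

/* Constructed sample: fixed part of an A record followed by 4 address bytes. */
static const uint8_t sample_rr[] = {
    0x00, 0x01,             /* TYPE = A */
    0x00, 0x01,             /* CLASS = IN */
    0x00, 0x00, 0x00, 0x3c, /* TTL = 60 */
    0x00, 0x04,             /* RDLENGTH = 4 */
    192, 0, 2, 1            /* RDATA */
};

/*
 * Hypothetical helper: pos is the offset of the record's TYPE field (the name
 * has already been skipped). On success stores the offset just past RDATA in
 * *next and returns 0; otherwise returns -EBADMSG. Each check compares a
 * length with the bytes remaining, so no offset passes len unvalidated.
 */
static int rr_skip(const uint8_t *buf, size_t len, size_t pos,
                   size_t *next, uint16_t *addrlen_out)
{
    if (pos > len || (len - pos) < RR_FIXED_LEN) {
        return -EBADMSG;    /* fixed part of the record is truncated */
    }
    uint16_t addrlen = (uint16_t)((buf[pos + 8] << 8) | buf[pos + 9]);
    pos += RR_FIXED_LEN;
    if ((size_t)addrlen > (len - pos)) {
        return -EBADMSG;    /* RDLENGTH claims more than the packet holds */
    }
    *addrlen_out = addrlen;
    *next = pos + addrlen;
    return 0;
}

int main(void)
{
    size_t next = 0;
    uint16_t addrlen = 0;
    int rc = rr_skip(sample_rr, sizeof(sample_rr), 0, &next, &addrlen);
    printf("rc=%d next=%zu addrlen=%u\n", rc, next, (unsigned)addrlen);
    return rc == 0 ? 0 : 1;
}
```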