GNS: fix potential memory access violationdev/sebi/sbox

author: Sebastian Nadler <sebastian.nadler@tum.de> 2024-01-11 16:17:54 +0100
committer: Sebastian Nadler <sebastian.nadler@tum.de> 2024-01-11 16:18:57 +0100
commit: 749a3f960acd4074dd75e2075757341f76d0e00c (patch)
tree: 7188e4a98374793c43697b2bad94485916f68d76
parent: a2b4a0a924eed10a0efdcbb912950997be7c484f (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/src/service/gns/gnunet-service-gns_resolver.c b/src/service/gns/gnunet-service-gns_resolver.c
index 7af756aaf..0d7a1cee8 100644
--- a/src/service/gns/gnunet-service-gns_resolver.c
+++ b/src/service/gns/gnunet-service-gns_resolver.c
@@ -2397,7 +2397,16 @@ handle_gns_resolution_result (void *cls,
             box = rd[i].data;
             const char *prefix = rd[i].data + sizeof(struct
                                                      GNUNET_GNSRECORD_SBoxRecord);
-            size_t prefix_len = strlen (prefix) + 1;
+            size_t prefix_len = strnlen (prefix, rd[i].data_size - sizeof(struct
+                                                                          GNUNET_GNSRECORD_SBoxRecord))
+                                + 1;
+            if (prefix_len - 1 >= rd[i].data_size - sizeof(struct
+                                                           GNUNET_GNSRECORD_SBoxRecord))
+            {
+              GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                          "SBOX record with invalid prefix length, maybe not null-terminated\n");
+              continue;
+            }
             GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                         "Got SBOX record, checking if prefixes match... %s vs %s\n",
                         prefix, rh->prefix);
author	Sebastian Nadler <sebastian.nadler@tum.de>	2024-01-11 16:17:54 +0100
committer	Sebastian Nadler <sebastian.nadler@tum.de>	2024-01-11 16:18:57 +0100
commit	749a3f960acd4074dd75e2075757341f76d0e00c (patch)
tree	7188e4a98374793c43697b2bad94485916f68d76
parent	a2b4a0a924eed10a0efdcbb912950997be7c484f (diff)