author | Sebastian Nadler <sebastian.nadler@tum.de> | 2024-01-11 16:17:54 +0100 |
---|---|---|
committer | Sebastian Nadler <sebastian.nadler@tum.de> | 2024-01-11 16:18:57 +0100 |
commit | 749a3f960acd4074dd75e2075757341f76d0e00c (patch) | |
tree | 7188e4a98374793c43697b2bad94485916f68d76 | |
parent | a2b4a0a924eed10a0efdcbb912950997be7c484f (diff) |
GNS: fix potential memory access violationdev/sebi/sbox
-rw-r--r-- | src/service/gns/gnunet-service-gns_resolver.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/service/gns/gnunet-service-gns_resolver.c b/src/service/gns/gnunet-service-gns_resolver.c index 7af756aaf..0d7a1cee8 100644 --- a/src/service/gns/gnunet-service-gns_resolver.c +++ b/src/service/gns/gnunet-service-gns_resolver.c @@ -2397,7 +2397,16 @@ handle_gns_resolution_result (void *cls, box = rd[i].data; const char *prefix = rd[i].data + sizeof(struct GNUNET_GNSRECORD_SBoxRecord); - size_t prefix_len = strlen (prefix) + 1; + size_t prefix_len = strnlen (prefix, rd[i].data_size - sizeof(struct + GNUNET_GNSRECORD_SBoxRecord)) + + 1; + if (prefix_len - 1 >= rd[i].data_size - sizeof(struct + GNUNET_GNSRECORD_SBoxRecord)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "SBOX record with invalid prefix length, maybe not null-terminated\n"); + continue; + } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got SBOX record, checking if prefixes match... %s vs %s\n", prefix, rh->prefix); |
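Review bot: The bound given to `strnlen` is `rd[i].data_size - sizeof(struct GNUNET_GNSRECORD_SBoxRecord)`, which is unsigned arithmetic and wraps to a very large value when a record is shorter than the SBOX header. In that case the scan is effectively unbounded again, and the following `prefix_len - 1 >= ...` check compares against the same wrapped value, so it does not reject the record. Unless data_size is already validated earlier in handle_gns_resolution_result (its body starts and ends outside this hunk), add a guard before `prefix` is formed, e.g. `if (rd[i].data_size < sizeof(struct GNUNET_GNSRECORD_SBoxRecord)) continue;`. It would also help to compute the difference once, e.g. `size_t avail = rd[i].data_size - sizeof(struct GNUNET_GNSRECORD_SBoxRecord);`, and use it in both the `strnlen` call and the comparison so the two cannot drift apart. Since the record data comes from the network, consider logging the rejection at a lower level than `GNUNET_ERROR_TYPE_ERROR`, so malformed records from a peer cannot flood the error log.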