From: Ian Jackson Date: Fri, 12 Aug 2016 21:32:23 +0000 (+0100) Subject: adnsresfilter: Fix addrtextbuf buffer size X-Git-Tag: adns-1.5.1~5 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commitdiff_plain;h=9b5218c341a6d6b37a12260f171e9007b9eb9908 adnsresfilter: Fix addrtextbuf buffer size We can write 18 bytes (including the trailing nul) to this. This is not actually a problem in real compiled code because: cbyte is generally the next thing; cbytes's alignment means that there are a further two bytes of padding; and we only write the next two bytes (']' and a nul) in a situation where we are done with cbyte anyway. But it should be fixed. Reported-by: Ron Henderson Signed-off-by: Ian Jackson --- diff --git a/changelog b/changelog index 3449f33..487c24e 100644 --- a/changelog +++ b/changelog @@ -12,6 +12,8 @@ adns (1.5.1~~) UPSTREAM; urgency=low when one of the address queries returns a permanent error (although, the application almost certainly won't use this pointer because the associated count is zero). + * adnsresfilter: Fix addrtextbuf buffer size. This is not actually a + problem in real compiled code but should be corrected. -- diff --git a/client/adnsresfilter.c b/client/adnsresfilter.c index 770af17..3e5255c 100644 --- a/client/adnsresfilter.c +++ b/client/adnsresfilter.c @@ -67,7 +67,7 @@ static int peroutqueuenode, outqueuelen; static struct sockaddr_in sa; static adns_state ads; -static char addrtextbuf[14]; +static char addrtextbuf[18]; /* [ddd.ddd.ddd.ddd] + nul */ static int cbyte, inbyte, inbuf; static unsigned char bytes[4]; static struct timeval printbefore;
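Review bot: In the changelog hunk, the added entry's wording "This is not actually a problem in real compiled code" is stronger than the commit message supports. The argument there rests on cbyte being placed next in memory and on two bytes of alignment padding, neither of which the C language guarantees. The entry also omits the size of the overrun. Suggest stating the facts a packager needs to assess it: the buffer was 14 bytes, up to 18 bytes (including the nul) can be written, and the overrun is believed harmless only with the typical variable layout.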
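Review bot: In the client/adnsresfilter.c hunk, the new size on the line "static char addrtextbuf[18];" is still a bare literal tied to the output format only by its comment, so the same mismatch can return if the format changes. The arithmetic is right ('[' plus 15 characters of dotted quad plus ']' plus nul is 18), but it would be more robust to derive the size from the longest string, for example sizeof("[255.255.255.255]"), or from a named constant shared with the code that fills the buffer. The write site is not part of this hunk; if it uses sprintf or manual byte stores, a bounded write or an assertion against sizeof(addrtextbuf) would turn any future overrun into a detectable failure instead of a silent write into cbyte.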