diff options
| author | Campus <campus@ntop.org> | 2015-11-19 20:18:37 +0100 |
|---|---|---|
| committer | Campus <campus@ntop.org> | 2015-11-19 20:18:37 +0100 |
| commit | ec034da5c954a49fdd24a7d430064fac5af76594 (patch) | |
| tree | a9d1618243c0fb51ed86a5da2a03d99db621b78a /src/lib/protocols/dns.c | |
| parent | d5b9e4ccd54e4876170bd55a57f0387a98b1dfcb (diff) | |
fixed potential buff overflow with sizeof control
Diffstat (limited to 'src/lib/protocols/dns.c')
| -rw-r--r-- | src/lib/protocols/dns.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 787f9f4d7..a1f813603 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -230,6 +230,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(is_dns) { int j = 0; + int size_host_server_name = sizeof(flow->host_server_name); flow->protos.dns.num_queries = (u_int8_t)header.num_queries, flow->protos.dns.num_answers = (u_int8_t)(header.answer_rrs+header.authority_rrs+header.additional_rrs), @@ -238,7 +239,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd i = query_offset+1; while((i < packet->payload_packet_len) - && (j < (sizeof(flow->host_server_name)-1)) + && (j < (size_host_server_name-1)) && (packet->payload[i] != '\0')) { flow->host_server_name[j] = tolower(packet->payload[i]); if(flow->host_server_name[j] < ' ') @@ -250,8 +251,8 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd char a_buf[32]; int i; - for(i=0; i<num_a_records; i++) { - j += snprintf((char*)&flow->host_server_name[j], sizeof(flow->host_server_name)-1-j, "%s%s", + for(i=0; i<num_a_records && j < size_host_server_name; i++) { + j += snprintf((char*)&flow->host_server_name[j], size_host_server_name-1-j, "%s%s", (i == 0) ? "@" : ";", ndpi_intoa_v4(a_record[i], a_buf, sizeof(a_buf))); } |