From: Oto Šťáva
Date: Thu, 20 Oct 2022 11:06:31 +0000 (+0200)
Subject: daemon/network: fix heap-buffer-overflow in endpoint key generation
X-Git-Tag: v5.6.0~16^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=373f49f0813ffa3476c5f9d59f06c1cbd220d64c;p=thirdparty%2Fknot-resolver.git

daemon/network: fix heap-buffer-overflow in endpoint key generation

Reproducible by listening on an interface by name, ASAN reports a heap-buffer-overflow. This was a regression caused by !1286, which did not account for null-terminators properly.
---

diff --git a/daemon/network.c b/daemon/network.c
index 66809dfff..1a54a4f85 100644
--- a/daemon/network.c
+++ b/daemon/network.c
@@ -302,6 +302,8 @@ void network_deinit(struct network *net)
 }
 }
 
+/** Creates an endpoint key for use with a `trie_t` and stores it into `dst`.
+ * Returns the actual length of the generated key. */
 static ssize_t endpoint_key_create(struct endpoint_key_storage *dst,
 const char *addr_str,
 const struct sockaddr *sa)
@@ -317,8 +319,11 @@ static ssize_t endpoint_key_create(struct endpoint_key_storage *dst,
 } else {
 struct endpoint_key_ifname *key = &dst->ifname;
 key->type = ENDPOINT_KEY_IFNAME;
+
+ /* The subtractions and additions of 1 are here to account for
+ * null-terminators. */
 strncpy(key->ifname, addr_str, sizeof(key->ifname) - 1);
- return sizeof(struct endpoint_key) + strnlen(key->ifname, sizeof(key->ifname));
+ return sizeof(struct endpoint_key) + strlen(key->ifname) + 1;
 }
 }
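Review bot: The new doc comment on `endpoint_key_create` does not say that, for interface-name keys, the returned length counts the terminating NUL, nor whether the `ssize_t` return can ever be negative. The second hunk makes the terminator part of the key, so anyone comparing or storing key lengths needs that stated, e.g. `Returns the length of the generated key in bytes; for interface names this includes the terminating NUL.` The function body lies outside this hunk, so any error return should be checked against it before being documented.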
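Review bot: `strlen(key->ifname)` on the new return line is bounded only if `key->ifname` is NUL-terminated, and `strncpy(..., sizeof(key->ifname) - 1)` never writes the last byte, so termination depends on `dst` having been zeroed by the caller, which this hunk does not show. With the previous `strnlen` bound gone, I would set the terminator explicitly right after the copy: `key->ifname[sizeof(key->ifname) - 1] = '\0';`. An over-long `addr_str` is also truncated silently, so two long names sharing a prefix would presumably produce the same trie key; rejecting such input may be preferable. The function begins outside the hunk, so an earlier length check or memset may already cover this.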