From ae005c9f673606ef13c5efc3931fd6f400b8d5aa Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Mon, 27 Apr 2020 16:48:16 +0200
Subject: [PATCH] Don't read potentially uninitalized memory if gethostname() failed

If the buffer is smaller than `HOST_NAME_MAX` (64 on Linux but up to 255 bytes in POSIX, which FreeBSD, MacOS etc honor) gethostname() might return -1 without null-terminating the buffer, causing an out-of-bounds read. As we look for the first '.' using `strchr()`, replacing it with a null byte, we also have a one-byte out-of-bounds write which might result in a crash or, albeit very unlikely, arbitrary code execution.

(cherry picked from commit aac6348d56f6f3fdba9dd2455ef06081da507c14)
---
 pdns/rec-carbon.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pdns/rec-carbon.cc b/pdns/rec-carbon.cc
index 218ee83716..4e0cedb00f 100644
--- a/pdns/rec-carbon.cc
+++ b/pdns/rec-carbon.cc
@@ -33,9 +33,11 @@ try
 namespace_name="pdns";
 }
 if(hostname.empty()) {
- char tmp[80];
+ char tmp[HOST_NAME_MAX+1];
 memset(tmp, 0, sizeof(tmp));
- gethostname(tmp, sizeof(tmp));
+ if (gethostname(tmp, sizeof(tmp)) != 0) {
+ throw std::runtime_error("The 'carbon-ourname' setting has not been set and we are unable to determine the system's hostname: " + stringerror());
+ }
 char *p = strchr(tmp, '.');
 if(p) *p=0;
-- 
2.47.2
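Review bot: The new `gethostname(tmp, sizeof(tmp))` call still passes the full buffer length, so the terminator that the following `strchr()` depends on is guaranteed only by libc behaviour; POSIX leaves it unspecified whether a truncated name is null-terminated when the call succeeds. Passing one byte less, `if (gethostname(tmp, sizeof(tmp) - 1) != 0) {`, keeps the last zero written by `memset()` intact on every platform. A comment such as `// tmp is zero-filled and one byte longer than the length passed, so it is always terminated` would record why the `strchr()` read and the `*p=0` write stay in bounds. `HOST_NAME_MAX` is not provided by every platform's headers, so it is worth confirming that the include or a fallback definition exists outside this hunk. The enclosing function-try-block and whatever handler receives the new `std::runtime_error` are also outside the hunk.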