gnunet-svn

[gnunet] branch master updated: util: fix integer overflow in URI parsin


From: gnunet
Subject: [gnunet] branch master updated: util: fix integer overflow in URI parsing. Fixes #9327
Date: Tue, 05 Nov 2024 09:04:15 +0100

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new c87c83664 util: fix integer overflow in URI parsing. Fixes #9327
c87c83664 is described below

commit c87c83664845b34ec8363f84951a23c09795e14d
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Tue Nov 5 09:03:51 2024 +0100

    util: fix integer overflow in URI parsing. Fixes #9327
---
 src/cli/hello/gnunet-hello.c |  3 ++-
 src/lib/util/dnsparser.c     | 13 ++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/cli/hello/gnunet-hello.c b/src/cli/hello/gnunet-hello.c
index 829fece57..107a8bf97 100644
--- a/src/cli/hello/gnunet-hello.c
+++ b/src/cli/hello/gnunet-hello.c
@@ -424,7 +424,8 @@ main (int argc, char *const *argv)
                                "dump-hellos",
                                gettext_noop (
                                  "List all known HELLOs in peerstore"),
-                               &print_hellos),    GNUNET_GETOPT_OPTION_END
+                               &print_hellos),
+    GNUNET_GETOPT_OPTION_END
   };
 
   res = GNUNET_PROGRAM_run (argc,
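Review bot: moving GNUNET_GETOPT_OPTION_END onto its own line in main() is a whitespace-only change that has nothing to do with the URI parsing fix named in the commit subject. Consider putting it in a separate formatting commit so the security fix stays easy to audit and backport.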
diff --git a/src/lib/util/dnsparser.c b/src/lib/util/dnsparser.c
index 25b99ed37..c1ce17823 100644
--- a/src/lib/util/dnsparser.c
+++ b/src/lib/util/dnsparser.c
@@ -1255,17 +1255,20 @@ GNUNET_DNSPARSER_builder_add_uri (char *dst,
                                   const struct GNUNET_DNSPARSER_UriRecord *uri)
 {
   struct GNUNET_TUN_DnsUriRecord sd;
+  int written;
+  size_t max_target_len;
 
-  if (*off + sizeof(struct GNUNET_TUN_DnsUriRecord) > dst_len)
+  GNUNET_assert (dst_len > sizeof (sd));
+  GNUNET_assert (*off <= SIZE_MAX - sizeof (sd));
+  max_target_len = dst_len - sizeof (sd) - 1;
+  if (*off + sizeof(sd) > dst_len)
     return GNUNET_NO;
   sd.prio = htons (uri->priority);
   sd.weight = htons (uri->weight);
   GNUNET_memcpy (&dst[*off], &sd, sizeof(sd));
   (*off) += sizeof(sd);
-  strncpy (&dst[*off], uri->target, dst_len - sizeof(struct
-                                                     GNUNET_TUN_DnsUriRecord)
-           - 1);
-  (*off) += strlen (uri->target);
+  written = GNUNET_snprintf (&dst[*off], max_target_len, "%s", uri->target);
+  (*off) += written;
   dst[*off] = '\0';
   return GNUNET_OK;
 }
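Review bot: max_target_len in `max_target_len = dst_len - sizeof (sd) - 1;` is derived from dst_len alone and ignores *off, so when *off is non-zero the GNUNET_snprintf call writing at &dst[*off] is given a bound larger than the space actually left in dst. After `(*off) += sizeof(sd);` the remaining space is dst_len - *off, and the bound should be computed from that value. In addition, `written` is added to *off unchecked: if GNUNET_snprintf follows snprintf semantics and returns the untruncated length, or a negative value on error, then *off and the following `dst[*off] = '\0';` land out of range, so compare `written` against the bound before using it. Finally, `GNUNET_assert (dst_len > sizeof (sd));` aborts on a short buffer where the function otherwise reports the condition with GNUNET_NO; returning GNUNET_NO there would match the existing size check.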

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


