diff mbox

[v3] dns_resolver: assure that dns_query() result is null-terminated

Message ID 1402178245-8076-1-git-send-email-manuel.schoelling@gmx.de
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Manuel Schölling June 7, 2014, 9:57 p.m. UTC 
dns_query() credulously assumes that keys are null-terminated and
returns a copy of a memory block that is off by one.

Signed-off-by: Manuel Schölling <manuel.schoelling@gmx.de>
---
 net/dns_resolver/dns_query.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

David Miller June 11, 2014, 7:12 a.m. UTC | #1 
From: Manuel Schölling <manuel.schoelling@gmx.de>
Date: Sat,  7 Jun 2014 23:57:25 +0200

> dns_query() credulously assumes that keys are null-terminated and
> returns a copy of a memory block that is off by one.
> 
> Signed-off-by: Manuel Schölling <manuel.schoelling@gmx.de>

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index e7b6d53..6853d22 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -149,7 +149,9 @@  int dns_query(const char *type, const char *name, size_t namelen,
 	if (!*_result)
 		goto put;
 
-	memcpy(*_result, upayload->data, len + 1);
+	memcpy(*_result, upayload->data, len);
+	*_result[len] = '\0';
+
 	if (_expiry)
 		*_expiry = rkey->expiry;