[OpenWrt-Devel] [PATCH] odhcpd: router: Fix out of scope memory access
Hauke Mehrtens
hauke at hauke-m.de
Mon Sep 2 16:29:49 EDT 2019
A pointer to search_buf is accessed by search_domain outside of the
if branch which defines search_buf. The compiler could already reuse
this memory.
Coverity: #1445747
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
src/router.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/router.c b/src/router.c
index 07dd146..700e1ff 100644
--- a/src/router.c
+++ b/src/router.c
@@ -607,6 +607,7 @@ static int send_router_advert(struct interface *iface, const struct in6_addr *fr
struct in6_addr dns_pref, *dns_addr = NULL;
size_t dns_cnt = 0, search_len = iface->search_len;
uint8_t *search_domain = iface->search;
+ uint8_t search_buf[256];
/* DNS Recursive DNS */
if (iface->dns_cnt > 0) {
@@ -630,8 +631,6 @@ static int send_router_advert(struct interface *iface, const struct in6_addr *fr
/* DNS Search options */
if (!search_domain && !res_init() && _res.dnsrch[0] && _res.dnsrch[0][0]) {
- uint8_t search_buf[256];
-
int len = dn_comp(_res.dnsrch[0], search_buf,
sizeof(search_buf), NULL, NULL);
if (len > 0) {
--
2.20.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list