[OpenWrt-Devel] [PATCH] odhcpd: router: Fix out of scope memory access
Hans Dedecker
dedeckeh at gmail.com
Tue Sep 3 15:39:34 EDT 2019
On Mon, Sep 2, 2019 at 10:30 PM Hauke Mehrtens <hauke at hauke-m.de> wrote:
>
> A pointer to search_buf is accessed by search_domain outside of the
> if branch which defines search_buf. The compiler could already reuse
> this memory.
>
> Coverity: #1445747
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
Patch applied; thx
Hans
> src/router.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/src/router.c b/src/router.c
> index 07dd146..700e1ff 100644
> --- a/src/router.c
> +++ b/src/router.c
> @@ -607,6 +607,7 @@ static int send_router_advert(struct interface *iface, const struct in6_addr *fr
> struct in6_addr dns_pref, *dns_addr = NULL;
> size_t dns_cnt = 0, search_len = iface->search_len;
> uint8_t *search_domain = iface->search;
> + uint8_t search_buf[256];
>
> /* DNS Recursive DNS */
> if (iface->dns_cnt > 0) {
> @@ -630,8 +631,6 @@ static int send_router_advert(struct interface *iface, const struct in6_addr *fr
>
> /* DNS Search options */
> if (!search_domain && !res_init() && _res.dnsrch[0] && _res.dnsrch[0][0]) {
> - uint8_t search_buf[256];
> -
> int len = dn_comp(_res.dnsrch[0], search_buf,
> sizeof(search_buf), NULL, NULL);
> if (len > 0) {
> --
> 2.20.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list