0009321: GNUNET_DNSPARSER_duplicate_cert_record uses strdup instead of memdup

ID	Project	Category	View Status	Date Submitted	Last Update

0009321	GNUnet	util library	public	2024-11-04 16:45	2024-11-14 09:43

Reporter	fefe	Assigned To	schanzen
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	fixed
Target Version	0.23.0

Summary	0009321: GNUNET_DNSPARSER_duplicate_cert_record uses strdup instead of memdup
Description	882 struct GNUNET_DNSPARSER_CertRecord * 883 GNUNET_DNSPARSER_duplicate_cert_record ( 884 const struct GNUNET_DNSPARSER_CertRecord r) 885 { 886 struct GNUNET_DNSPARSER_CertRecord dup = GNUNET_memdup (r, sizeof(r)); 887 888 dup->certificate_data = GNUNET_strdup (r->certificate_data); 889 return dup; 890 } This looks wrong because here's where certificate_data came from: 601 cert->certificate_size = udp_payload_length - (off); 602 cert->certificate_data = GNUNET_malloc (cert->certificate_size); 603 GNUNET_memcpy (cert->certificate_data, 604 &udp_payload[*off], 605 cert->certificate_size); Using strdup assumes there is a 0 terminator, which nobody guaranteed. It could run off the end of the buffer, which we happen to know the size of. We should use it.
Tags	No tags attached.

Date Modified	Username	Field	Change
2024-11-04 16:45	fefe	New Issue
2024-11-04 19:26	schanzen	Changeset attached	=> gnunet master e014f5f5
2024-11-04 19:26	schanzen	Note Added: 0023659
2024-11-04 19:26	schanzen	Assigned To	=> schanzen
2024-11-04 19:26	schanzen	Status	new => resolved
2024-11-04 19:26	schanzen	Resolution	open => fixed
2024-11-04 19:26	schanzen	Target Version	=> 0.22.3
2024-11-14 09:43	schanzen	Target Version	0.22.3 => 0.23.0

gnunet: master e014f5f5 2024-11-04 20:25 schanzen Details Diff	util: Fix dangerous use of strdup in dnsparser. Fixes 0009321		Affected Issues 0009321
	mod - src/lib/util/dnsparser.c		Diff File

schanzen 2024-11-04 19:26 administrator ~0023659	Fix committed to master branch.