View Issue Details

ID: 0009321
Project: GNUnet
Category: util library
View Status: public
Last Update: 2024-11-14 09:43
Reporter: fefe
Assigned To: schanzen
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Target Version: 0.23.0
Summary: 0009321: GNUNET_DNSPARSER_duplicate_cert_record uses strdup instead of memdup
Description
    struct GNUNET_DNSPARSER_CertRecord *
    GNUNET_DNSPARSER_duplicate_cert_record (
      const struct GNUNET_DNSPARSER_CertRecord *r)
    {
      struct GNUNET_DNSPARSER_CertRecord *dup = GNUNET_memdup (r, sizeof(*r));

      dup->certificate_data = GNUNET_strdup (r->certificate_data);
      return dup;
    }

This looks wrong because here's where certificate_data came from:

    cert->certificate_size = udp_payload_length - (*off);
    cert->certificate_data = GNUNET_malloc (cert->certificate_size);
    GNUNET_memcpy (cert->certificate_data,
                   &udp_payload[*off],
                   cert->certificate_size);

Using strdup assumes there is a 0 terminator, which nobody guaranteed.
It could run off the end of the buffer, which we happen to know the size of. We should use it.
Tags: No tags attached.
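The report's point as an added example (not GNUnet's code and not the committed fix): it shows what a string-style copy would do to a length-delimited certificate buffer, next to a copy that uses the stored size. `struct cert_record`, `make_record`, `string_copy_kept_bytes` and the sample bytes are assumptions made for illustration, and plain `malloc`/`memcpy` stand in for the GNUNET_ wrappers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the CERT record: only the two fields the report uses. */
struct cert_record {
  size_t certificate_size;
  char *certificate_data; /* raw bytes copied from the packet, no 0 terminator */
};

/* Constructed sample payloads (not real certificates). */
static const unsigned char SAMPLE_EMBEDDED_ZERO[] = { 0x30, 0x82, 0x00, 0x10, 0xde, 0xad };
static const unsigned char SAMPLE_NO_ZERO[] = { 0x30, 0x03, 0x01, 0x02, 0x03 };

/* Mirrors the parser excerpt: allocate exactly len bytes and copy them. */
struct cert_record *make_record (const void *payload, size_t len)
{
  struct cert_record *r = calloc (1, sizeof (*r));
  if (NULL == r) return NULL;
  r->certificate_size = len;
  r->certificate_data = malloc (len ? len : 1);
  if (NULL == r->certificate_data) { free (r); return NULL; }
  memcpy (r->certificate_data, payload, len);
  return r;
}

/* Bytes a string-style copy would keep (it stops at the first 0 byte);
   -1 means no 0 byte inside the buffer, so the copy would read past its end. */
long string_copy_kept_bytes (const struct cert_record *r)
{
  const char *nul = memchr (r->certificate_data, 0, r->certificate_size);
  return (NULL != nul) ? (long) (nul - r->certificate_data) : -1;
}

/* Length-aware deep copy: duplicates exactly certificate_size bytes. */
struct cert_record *duplicate_cert_record (const struct cert_record *r)
{
  return make_record (r->certificate_data, r->certificate_size);
}

int main (void)
{
  struct cert_record *a = make_record (SAMPLE_EMBEDDED_ZERO, sizeof (SAMPLE_EMBEDDED_ZERO));
  struct cert_record *b = make_record (SAMPLE_NO_ZERO, sizeof (SAMPLE_NO_ZERO));
  struct cert_record *d = (NULL != a) ? duplicate_cert_record (a) : NULL;
  if ((NULL == a) || (NULL == b) || (NULL == d)) return 1;
  printf ("string copy keeps %ld of %zu bytes\n", string_copy_kept_bytes (a), a->certificate_size);
  printf ("string copy on second sample: %ld (-1 = reads past the buffer)\n", string_copy_kept_bytes (b));
  printf ("length-aware copy identical: %d\n", 0 == memcmp (d->certificate_data, a->certificate_data, a->certificate_size));
  return 0;
}
```

The first sample shows the silent failure mode (a truncated copy whose size field no longer matches its data); the second shows the out-of-bounds read the report describes.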

Activities

schanzen

2024-11-04 19:26

administrator   ~0023659

Fix committed to master branch.

Related Changesets

gnunet: master e014f5f5

2024-11-04 20:25

schanzen


util: Fix dangerous use of strdup in dnsparser. Fixes 0009321
Affected Issues: 0009321
mod - src/lib/util/dnsparser.c

Issue History

Date Modified Username Field Change
2024-11-04 16:45 fefe New Issue
2024-11-04 19:26 schanzen Changeset attached => gnunet master e014f5f5
2024-11-04 19:26 schanzen Note Added: 0023659
2024-11-04 19:26 schanzen Assigned To => schanzen
2024-11-04 19:26 schanzen Status new => resolved
2024-11-04 19:26 schanzen Resolution open => fixed
2024-11-04 19:26 schanzen Target Version => 0.22.3
2024-11-14 09:43 schanzen Target Version 0.22.3 => 0.23.0