authorTobias Klauser <tklauser@distanz.ch>2017-02-09 09:12:03 +0100
committerTobias Klauser <tklauser@distanz.ch>2017-02-09 09:12:03 +0100
commita7b3d978a705dc160f373f685625e28c9a3022bb (patch)
tree3483b095fa00e985f750591eec5a9e07825d1cb5
parent67ce226df0153992385c65285a04da2526692579 (diff)
llmnr-query: Allocate receive buffer large enough
If an LLMNR response exceeds 128 bytes, it will get truncated. This leads to out-of-bounds read access during parsing and causes garbage data to be printed. Fix it by allocating the buffer large enough (according to the RFC). A possible future improvement would be to consider the link MTU size to save some memory. Fixes #21 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r--llmnr-query.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/llmnr-query.c b/llmnr-query.c
index 920ac96..1706add 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -39,6 +39,9 @@
#include "log.h"
#include "pkt.h"
+/* Maximum possible size RFC 4795, section 2.1 */
+static const size_t LLMNR_QUERY_PKT_BUF_SIZE = 9194;
+
static const char *short_ops = "c:d:i:I:t:T:6hV";
static const struct option long_opts[] = {
{ "count", required_argument, NULL, 'c' },
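Review bot: The comment above `LLMNR_QUERY_PKT_BUF_SIZE` does not say what the size bounds or why it matters, so a later maintainer could shrink it again without realising that a truncated response leads to an out-of-bounds read in the parser. I would spell that out, for example `/* Receive buffer size: largest UDP message an implementation has to accept per RFC 4795, section 2.1. A smaller buffer truncates responses and the parser then reads past the received data. */`. The constant itself is fine as a `static const size_t`, since it is only used as a function argument in the hunk below.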
@@ -213,7 +216,7 @@ int main(int argc, char **argv)
}
}
- p = pkt_alloc(128);
+ p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE);
log_info("LLMNR query: %s IN %s\n", query_name, query_type(qtype));
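Review bot: The larger buffer at `p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE);` only removes truncation of well-formed responses; as far as this hunk shows, the out-of-bounds read described in the commit message stays reachable if the parser trusts counts and length fields inside the packet rather than the byte count returned by the receive call. The receive and parse code of main lie outside the hunk, so this needs confirming there. Every read from the response should first be checked against the number of bytes actually received, and a datagram that fills the whole buffer should be treated as possibly truncated and dropped. A reminder next to the allocation would help: `/* buffer size is an upper bound only; parsing must be limited to the received length */`. The hunk also does not show whether `pkt_alloc` can return NULL, so a check of `p` before first use is worth verifying.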