authorTobias Klauser <tklauser@distanz.ch>2017-02-09 09:09:53 +0100
committerTobias Klauser <tklauser@distanz.ch>2017-02-09 09:09:53 +0100
commit67ce226df0153992385c65285a04da2526692579 (patch)
tree072418cc24bf10627b4e0340df0adf81ffe56af6
parent3a6bc9c6901c56f22bf105670f6da281f9eceba1 (diff)
llmnr-query: Fix two cases where misaliged access could occur
Two places where a misaligned access could occur were missed in commit 7f719d2 ("llmnr-query: Extract LLMNR packet data in an alignment-safe way"). Fix them now. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r--llmnr-query.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/llmnr-query.c b/llmnr-query.c
index 996723d..920ac96 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -328,23 +328,25 @@ int main(int argc, char **argv)
pkt_put(p, query_pkt_len);
for (j = 0; j < ancount; ++j) {
- uint8_t nl = *pkt_put(p, 1);
+ uint8_t nl = pkt_put_extract_u8(p);
char addr[INET6_ADDRSTRLEN + 1];
uint16_t type, clss, addr_size;
uint32_t ttl;
- const char *name;
+ char name[LLMNR_LABEL_MAX_SIZE + 1];
int af;
/* compression? */
if (nl & 0xC0) {
- uint16_t ptr = (nl & 0x3F) << 8 | *pkt_put(p, 1);
- if (ptr < p->size - 1)
- name = (char *)p->data + ptr + 1;
- else
- name = "<invalid>";
- } else {
- name = (char *)pkt_put(p, nl + 1);
- }
+ uint16_t ptr = (nl & 0x3F) << 8 | pkt_put_extract_u8(p);
+ if (ptr < p->size - 1) {
+ uint8_t nnl = p->data[ptr];
+ strncpy(name, (char *)&p->data[ptr + 1], nnl);
+ } else
+ strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE);
+ } else
+ strncpy(name, (char *)pkt_put(p, nl + 1), nl);
+
+ name[LLMNR_LABEL_MAX_SIZE] = '\0';
type = htons(pkt_put_extract_u16(p));
clss = htons(pkt_put_extract_u16(p));
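Review bot: In the compressed-name branch, `nnl` is read from `p->data[ptr]` and passed to `strncpy` as the length without being checked against `LLMNR_LABEL_MAX_SIZE` or against the bytes remaining after `ptr + 1`. Because `strncpy` always writes exactly `nnl` bytes, a length byte larger than the buffer writes past `name`, and the source read can run past the packet data. Both `strncpy` calls also leave `name` unterminated at the end of the label: only `name[LLMNR_LABEL_MAX_SIZE]` is set, so for a shorter label the bytes in between are uninitialized stack contents that any later use of `name` as a string would pick up. I would bound the length before copying and terminate at the copied length, as below; this assumes `p->size` is the number of valid bytes in `p->data`, which the hunk does not show. The enclosing `main` starts and ends outside the hunk.

```c
			if (nl & 0xC0) {
				uint16_t ptr = (nl & 0x3F) << 8 | pkt_put_extract_u8(p);
				/* label must fit in name and lie inside the packet */
				if (ptr < p->size - 1 &&
				    p->data[ptr] <= LLMNR_LABEL_MAX_SIZE &&
				    p->data[ptr] <= p->size - ptr - 1) {
					uint8_t nnl = p->data[ptr];
					memcpy(name, &p->data[ptr + 1], nnl);
					name[nnl] = '\0';
				} else
					strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE);
			} else {
				/* nl <= 0x3F here; assumes LLMNR_LABEL_MAX_SIZE >= 0x3F */
				strncpy(name, (char *)pkt_put(p, nl + 1), nl);
				name[nl] = '\0';
			}
			/* … unchanged: name[LLMNR_LABEL_MAX_SIZE] = '\0' and type/clss extraction … */
```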