author | Tobias Klauser <tklauser@distanz.ch> | 2017-02-09 09:09:53 +0100 |
---|---|---|
committer | Tobias Klauser <tklauser@distanz.ch> | 2017-02-09 09:09:53 +0100 |
commit | 67ce226df0153992385c65285a04da2526692579 (patch) | |
tree | 072418cc24bf10627b4e0340df0adf81ffe56af6 | |
parent | 3a6bc9c6901c56f22bf105670f6da281f9eceba1 (diff) |
llmnr-query: Fix two cases where misaliged access could occur
Two places where a misaligned access could occur were missed in commit 7f719d2
("llmnr-query: Extract LLMNR packet data in an alignment-safe way"). Fix
them now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r-- | llmnr-query.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/llmnr-query.c b/llmnr-query.c
index 996723d..920ac96 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -328,23 +328,25 @@ int main(int argc, char **argv)
 pkt_put(p, query_pkt_len);
 for (j = 0; j < ancount; ++j) {
- uint8_t nl = *pkt_put(p, 1);
+ uint8_t nl = pkt_put_extract_u8(p);
 char addr[INET6_ADDRSTRLEN + 1];
 uint16_t type, clss, addr_size;
 uint32_t ttl;
- const char *name;
+ char name[LLMNR_LABEL_MAX_SIZE + 1];
 int af;
 /* compression? */
 if (nl & 0xC0) {
- uint16_t ptr = (nl & 0x3F) << 8 | *pkt_put(p, 1);
- if (ptr < p->size - 1)
- name = (char *)p->data + ptr + 1;
- else
- name = "<invalid>";
- } else {
- name = (char *)pkt_put(p, nl + 1);
- }
+ uint16_t ptr = (nl & 0x3F) << 8 | pkt_put_extract_u8(p);
+ if (ptr < p->size - 1) {
+ uint8_t nnl = p->data[ptr];
+ strncpy(name, (char *)&p->data[ptr + 1], nnl);
+ } else
+ strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE);
+ } else
+ strncpy(name, (char *)pkt_put(p, nl + 1), nl);
+
+ name[LLMNR_LABEL_MAX_SIZE] = '\0';
 type = htons(pkt_put_extract_u16(p));
 clss = htons(pkt_put_extract_u16(p)); |
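Review bot: In the compressed-name branch, `strncpy(name, (char *)&p->data[ptr + 1], nnl)` takes its length `nnl` from the response packet (a `uint8_t`, so up to 255) without comparing it to `sizeof(name)` or to the bytes remaining after `ptr + 1`. If `LLMNR_LABEL_MAX_SIZE` is below 255 (its value is not shown here), a malformed answer can make the copy write past the stack buffer `name` and read past the packet data. Both label copies also terminate only at `name[LLMNR_LABEL_MAX_SIZE]`, so a shorter label with no NUL in the copied bytes is followed by uninitialized stack bytes; the uncompressed branch should end with `name[nl] = '\0';`. The sketch below bounds `nnl` by both the buffer and the packet and terminates at the copied length, assuming `p->size` is the count of valid bytes in `p->data`. The loop body and `main` continue outside the hunk.

```c
if (ptr < p->size - 1) {
	uint8_t nnl = p->data[ptr];

	/* nnl comes from the response: keep the copy inside name[] and inside the packet */
	if (nnl <= LLMNR_LABEL_MAX_SIZE && (size_t)ptr + 1 + nnl <= p->size) {
		memcpy(name, &p->data[ptr + 1], nnl);
		name[nnl] = '\0';
	} else
		strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE);
} else
	strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE);
/* … unchanged: uncompressed branch and final name[LLMNR_LABEL_MAX_SIZE] = '\0' … */
```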