author | Tobias Klauser <tklauser@distanz.ch> | 2017-02-09 09:12:03 +0100 |
---|---|---|
committer | Tobias Klauser <tklauser@distanz.ch> | 2017-02-09 09:12:03 +0100 |
commit | a7b3d978a705dc160f373f685625e28c9a3022bb (patch) | |
tree | 3483b095fa00e985f750591eec5a9e07825d1cb5 /llmnr-query.c | |
parent | 67ce226df0153992385c65285a04da2526692579 (diff) |
llmnr-query: Allocate receive buffer large enough
If an LLMNR response exceeds 128 bytes, it will get truncated. This
leads to out-of-bounds read access during parsing and causes garbage
data to be printed.
Fix it by allocating the buffer large enough (according to RFC).
Possible future improvement would be to consider the link MTU size to
save some memory.
Fixes #21
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'llmnr-query.c')
-rw-r--r-- | llmnr-query.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/llmnr-query.c b/llmnr-query.c index 920ac96..1706add 100644 --- a/llmnr-query.c +++ b/llmnr-query.c @@ -39,6 +39,9 @@ #include "log.h" #include "pkt.h" +/* Maximum possible size RFC 4795, section 2.1 */ +static const size_t LLMNR_QUERY_PKT_BUF_SIZE = 9194; + static const char *short_ops = "c:d:i:I:t:T:6hV"; static const struct option long_opts[] = { { "count", required_argument, NULL, 'c' }, @@ -213,7 +216,7 @@ int main(int argc, char **argv) } } - p = pkt_alloc(128); + p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE); log_info("LLMNR query: %s IN %s\n", query_name, query_type(qtype)); |
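Review bot: the comment above `LLMNR_QUERY_PKT_BUF_SIZE` in the first hunk (@@ -39,6 +39,9) does not say what 9194 measures. Please state the unit (bytes) and whether the figure is the largest payload the tool expects to receive or a frame size, so that a reader can check the number against RFC 4795, section 2.1 without guessing. A wording such as "Maximum LLMNR packet size in bytes the receive buffer must hold, see RFC 4795, section 2.1" would do.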
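Review bot: at `p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE);` in the second hunk (@@ -213,7 +216,7) the larger buffer removes the 128-byte truncation, but the out-of-bounds read named in the commit message happens during parsing, and nothing in this change makes the parser check its offsets against the number of bytes actually received. A response that is malformed, or one that still does not fit the buffer, would reach the same parsing code. Suggest bounding every read in the response parser by the received length and discarding packets that fail the check, so the buffer size becomes a capacity choice rather than the only safeguard. If `pkt_alloc` can return NULL, its result should also be checked before `p` is used; no such check is visible in this hunk.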