authorTobias Klauser <tklauser@distanz.ch>2017-02-09 09:12:03 +0100
committerTobias Klauser <tklauser@distanz.ch>2017-02-09 09:12:03 +0100
commita7b3d978a705dc160f373f685625e28c9a3022bb (patch)
tree3483b095fa00e985f750591eec5a9e07825d1cb5 /llmnr-query.c
parent67ce226df0153992385c65285a04da2526692579 (diff)
llmnr-query: Allocate receive buffer large enough
If an LLMNR response exceeds 128 bytes, it will get truncated. This leads to out-of-bounds read access during parsing and causes garbage data to be printed. Fix it by allocating the buffer large enough (according to RFC). Possible future improvement would be to consider the link MTU size to save some memory. Fixes #21 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'llmnr-query.c')
-rw-r--r--llmnr-query.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/llmnr-query.c b/llmnr-query.c
index 920ac96..1706add 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -39,6 +39,9 @@
#include "log.h"
#include "pkt.h"
+/* Maximum possible size RFC 4795, section 2.1 */
+static const size_t LLMNR_QUERY_PKT_BUF_SIZE = 9194;
+
static const char *short_ops = "c:d:i:I:t:T:6hV";
static const struct option long_opts[] = {
{ "count", required_argument, NULL, 'c' },
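Review bot: The comment above `LLMNR_QUERY_PKT_BUF_SIZE` does not say what the 9194 actually bounds, so a later reader cannot tell whether it is a UDP payload size, a frame size, or a limit imposed on the peer. As I read RFC 4795 section 2.1, it is the largest UDP message a receiver is required to accept, so I would write `/* Largest LLMNR UDP message a receiver must accept: 9194 octets (RFC 4795, section 2.1) */`. The same comment should note that this is only a buffer capacity and says nothing about how many bytes a given response really contains.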
@@ -213,7 +216,7 @@ int main(int argc, char **argv)
}
}
- p = pkt_alloc(128);
+ p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE);
log_info("LLMNR query: %s IN %s\n", query_name, query_type(qtype));
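Review bot: Enlarging the buffer at `p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE);` stops conforming responses from being truncated, but it does not by itself bound the parser. A response from any host on the link whose name labels or RDATA lengths point past the bytes actually received could presumably still cause the out-of-bounds read described in the commit message, now reading stale buffer contents instead. The receive and parse code is outside this hunk, so please confirm that every length field is checked against the recv() return value rather than against the buffer capacity. A comment here would record that, e.g. `/* capacity only; parsing must be bounded by the received length */`. It is also not visible whether `pkt_alloc()` can return NULL; if it can, the larger allocation deserves a check before `p` is used. main() continues outside the hunk.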