Age | Commit message | Author | Files | Lines |
|
If an LLMNR response exceeds 128 bytes, it will get truncated. This
leads to out-of-bounds read access during parsing and causes garbage
data to be printed.
Fix it by allocating the buffer large enough (according to RFC).
Possible future improvement would be to consider the link MTU size to
save some memory.
Fixes #21
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Two places where a misaligned access could occur were missed in commit 7f719d2
("llmnr-query: Extract LLMNR packet data in an alignment-safe way"). Fix
them now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Follow commit 9bec6fb9 ("Fix misaligned memory access") for llmnr-query
and extract values from the response packets in a way that doesn't cause
unaligned memory access on architectures that don't support it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If the IPv6 address in the reply is 48 bytes long, inet_ntop() would
overflow the addr buffer. Account for the terminating NULL byte.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This fixes the following GCC warning:
llmnr-query.c:345:12: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make llmnr-query work on FreeBSD and Darwin by using sendmsg() to send
UDP packets. Using sendto() doesn't seem to work for IPv6 sockets. Also
specify the size of the corresponding sockaddr type, not of
sockaddr_storage.
Tested on FreeBSD 11.0, Mac OS X 10.11.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Also change the description slightly and mention the LLMNR RFC number.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Also add a comment indicating the repurposing of the pkt struct.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When accessing the compressed name in a response, verify that the
pointer is within the packet size.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow to override the transaction id in the LLMNR query header. Default
value is 0. The id will be incremented for consecutive queries (i.e.
count > 1).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Follow commit 64644dde ("socket: Set TTL values as suggested in RFC
4795, section 2.5") and set the TTL of the IP header to 255 for UDP
unicast and multicast packets, as recommended in RFC 4795, section 2.5.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Partially resolves #5 (IPv6 support)
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
extraction
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|