From a7b3d978a705dc160f373f685625e28c9a3022bb Mon Sep 17 00:00:00 2001
From: Tobias Klauser
Date: Thu, 9 Feb 2017 09:12:03 +0100
Subject: llmnr-query: Allocate receive buffer large enough

If an LLMNR response exceeds 128 bytes, it will get truncated. This leads to out-of-bounds read access during parsing and causes garbage data to be printed. Fix it by allocating the buffer large enough (according to RFC). Possible future improvment would be to consider the link MTU size to save some memory.

Fixes #21
Signed-off-by: Tobias Klauser
---
 llmnr-query.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/llmnr-query.c b/llmnr-query.c
index 920ac96..1706add 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -39,6 +39,9 @@
 #include "log.h"
 #include "pkt.h"
 
+/* Maximum possible size RFC 4795, section 2.1 */
+static const size_t LLMNR_QUERY_PKT_BUF_SIZE = 9194;
+
 static const char *short_ops = "c:d:i:I:t:T:6hV";
 static const struct option long_opts[] = {
 	{ "count", required_argument, NULL, 'c' },
@@ -213,7 +216,7 @@ int main(int argc, char **argv)
 		}
 	}
 
-	p = pkt_alloc(128);
+	p = pkt_alloc(LLMNR_QUERY_PKT_BUF_SIZE);
 
 	log_info("LLMNR query: %s IN %s\n", query_name, query_type(qtype));
 
-- 
cgit v1.2.3-54-g00ecf
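Review bot: The comment on the new `LLMNR_QUERY_PKT_BUF_SIZE` says where 9194 comes from but not what it bounds, and a reader cannot tell from it whether the figure is a payload size or a whole-datagram size. As far as I recall, the 9194-byte limit in RFC 4795 is the largest message a sender may emit over UDP, sized to an Ethernet jumbo frame, so using it for the UDP payload buffer is slightly over-allocated; that is harmless but worth a word. I would write `/* Upper bound on a UDP LLMNR message (RFC 4795, section 2.1); large enough that a conformant response is never truncated. */`. Note also that a `static const size_t` is not an integer constant expression in C, so it cannot later size a fixed array or appear in a preprocessor check; an `enum` constant or `#define` would, should that ever be needed.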
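Review bot: Enlarging the buffer passed to `pkt_alloc()` removes the truncation for conformant responses, but it does not by itself remove the out-of-bounds read the commit message describes; that is fixed only if the parser bounds every access by the length `recv()` actually returned rather than by the buffer size or by length fields and name-compression pointers inside the packet. A peer can still send a datagram larger than the buffer, so the receive path should treat a truncated read as an error — compare the return value against the buffer length, or use `recvmsg()` and reject on `MSG_TRUNC` — instead of parsing whatever arrived. Neither the receive call nor the parser is in this hunk, so this is inferred from the commit message, and `main` continues outside the hunk. A short comment at the allocation, `/* sized for the largest RFC-conformant response; parsing must still be bounded by the received length */`, would make that dependency explicit.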