diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-06-10 22:51:03 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-06-10 23:01:46 +0200 |
commit | 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a (patch) | |
tree | 71021bbbfda663ccecc171ac7a13695efe925e9a | |
parent | Merge pull request #23691 from medhefgo/efi-clang (diff) | |
download | systemd-9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a.tar.xz systemd-9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a.zip |
dns-domain: make each label nul-terminated
dns_label_unescape() does not nul-terminate the buffer if it does not
have enough space. Hence, if a lable is enough long, then strjoin()
triggers buffer-overflow.
Fixes #23705.
Diffstat (limited to '')
-rw-r--r-- | src/shared/dns-domain.c | 2 | ||||
-rw-r--r-- | src/test/test-dns-domain.c | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c index 9acf1cb0d6..97839e7d73 100644 --- a/src/shared/dns-domain.c +++ b/src/shared/dns-domain.c @@ -1025,7 +1025,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) { int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) { _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; const char *p = joined, *q = NULL, *d = NULL; - char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX]; + char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1]; int an, bn, cn, r; unsigned x = 0; diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c index 3a26ecaa70..0fbac9dbd9 100644 --- a/src/test/test-dns-domain.c +++ b/src/test/test-dns-domain.c @@ -540,6 +540,7 @@ TEST(dns_service_split) { test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0); test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0); test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0); + test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0); } static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) { |