summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYu Watanabe <watanabe.yu+github@gmail.com>2022-06-10 22:51:03 +0200
committerYu Watanabe <watanabe.yu+github@gmail.com>2022-06-10 23:01:46 +0200
commit9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a (patch)
tree71021bbbfda663ccecc171ac7a13695efe925e9a
parentMerge pull request #23691 from medhefgo/efi-clang (diff)
downloadsystemd-9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a.tar.xz
systemd-9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a.zip
dns-domain: make each label nul-terminated
dns_label_unescape() does not nul-terminate the buffer if it does not have enough space. Hence, if a lable is enough long, then strjoin() triggers buffer-overflow. Fixes #23705.
Diffstat (limited to '')
-rw-r--r--src/shared/dns-domain.c2
-rw-r--r--src/test/test-dns-domain.c1
2 files changed, 2 insertions, 1 deletions
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index 9acf1cb0d6..97839e7d73 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1025,7 +1025,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) {
int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) {
_cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL;
const char *p = joined, *q = NULL, *d = NULL;
- char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX];
+ char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1];
int an, bn, cn, r;
unsigned x = 0;
diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c
index 3a26ecaa70..0fbac9dbd9 100644
--- a/src/test/test-dns-domain.c
+++ b/src/test/test-dns-domain.c
@@ -540,6 +540,7 @@ TEST(dns_service_split) {
test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0);
test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0);
test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0);
+ test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0);
}
static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) {