dinoco

Query DNS records
git clone git://git.relim.de/dinoco.git

commit 5bd5ba0e5cd9c9be541fee44464e4da60ab975a5
parent 65d5467027c14393f50ac6a39cd8d319cc8dead0
Author: Nibo <kroekerrobin@gmail.com>
Date:   Wed, 21 Jun 2023 12:46:32 +0200

Fix realloc overflow situations

Diffstat:
Mdinoco.c | 25+++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/dinoco.c b/dinoco.c
@@ -150,7 +150,7 @@ char *parseDomain(struct byte_array *res, int start, int *nameLength)
 {
 static int recursionLevel = 0;
 recursionLevel++;
- char *domain = malloc(sizeof(char));
+ char *domain = NULL;
 char *string;
 int offset = 0;
 int k = 0;
@@ -164,6 +164,7 @@ char *parseDomain(struct byte_array *res, int start, int *nameLength)
 *nameLength += 2;
 offset = res->bytes[i+1];
 string = parseDomain(res, offset, nameLength);
+ domain = realloc(domain, (k+1) * sizeof(char));
 domain[k] = 0;
 domain = stringCat(domain, string);
 return domain;
@@ -174,18 +175,19 @@ char *parseDomain(struct byte_array *res, int start, int *nameLength)
 {
 if (recursionLevel == 1)
 *nameLength++;
- domain[k] = res->bytes[i+s+1];
 domain = realloc(domain, (k+1) * sizeof(char));
+ domain[k] = res->bytes[i+s+1];
 k++;
 }
 i += res->bytes[i] + 1;
 if (res->bytes[i] != 0)
 {
- domain[k] = '.';
 domain = realloc(domain, (k+1) * sizeof(char));
+ domain[k] = '.';
 k++;
 }
 }
+ domain = realloc(domain, (k+1) * sizeof(char));
 domain[k] = 0;
 return domain;
 }
@@ -293,6 +295,7 @@ struct dns_header *parseHeader(char *res)
 struct dns_resource_record *parseAnswer(struct byte_array *res, int *start)
 {
+ printf("soa: %d\n", *start);
 struct dns_resource_record *answer = malloc(sizeof(struct dns_resource_record));
 int nameLength = 0;
 answer->domain = parseDomain(res, *start, &nameLength);
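Review bot: The `realloc` added before `domain[k] = 0;` in the `@@ -164,6 +164,7 @@` hunk is assigned straight back to `domain` and written through without a NULL check, so an allocation failure becomes a NULL write and the previous buffer is lost. The same pattern appears in the `@@ -174,18 +175,19 @@`, `@@ -306,21 +309,24 @@` and `@@ -409,7 +416,12 @@` hunks. Go through a temporary and fail cleanly, e.g. `char *tmp = realloc(domain, k + 1); if (tmp == NULL) { free(domain); return NULL; } domain = tmp;`; callers would then have to accept a NULL name. The `offset` read from `res->bytes[i+1]` is also passed to the recursive call with no check against `res->length` or a depth limit visible here; the enclosing loop starts outside the hunk, so confirm both are bounded there.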
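Review bot: The reordering in the `@@ -174,18 +175,19 @@` hunk repairs the destination side, but the source index in `domain[k] = res->bytes[i+s+1];` is still driven by length bytes taken from the response, and no comparison with `res->length` is visible (the loop headers are outside the hunk). A truncated or malformed label length would then read past the receive buffer; a guard such as `if (i + s + 1 >= res->length)` followed by an error return before the copy would close that, with types adjusted to the struct fields. Separately, the context line `*nameLength++;` advances the pointer rather than the counter; `(*nameLength)++;` looks like what was intended, given the `*nameLength += 2;` in the pointer branch.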
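Review bot: `printf("soa: %d\n", *start);` at the top of parseAnswer in the `@@ -293,6 +295,7 @@` hunk reads as leftover debug tracing, as do `printf("moa.\n");`, `printf("eoa.\n");`, `printf("sop.\n");` and `printf("eop.\n");` in the `@@ -306,21 +309,24 @@` and `@@ -376,6 +382,7 @@` hunks. They are written to stdout together with the record output, so anything that parses the tool's output will see them. Drop them from this fix, or route them to stderr behind a debug switch, e.g. `fprintf(stderr, "parseAnswer: start=%d\n", *start);`.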
@@ -306,21 +309,24 @@ struct dns_resource_record *parseAnswer(struct byte_array *res, int *start)
 answer->rdlength = res->bytes[b+9] + 256U*res->bytes[b+8];
 answer->rdata = malloc(sizeof(struct byte_array));
- answer->rdata->bytes = malloc(sizeof(char));
+ answer->rdata->bytes = NULL;
 answer->rdata->length = answer->rdlength;
 int i = 0;
+ printf("moa.\n");
 for (; i<answer->rdlength; i++)
 {
- answer->rdata->bytes[i] = res->bytes[b+10+i];
 answer->rdata->bytes = realloc(answer->rdata->bytes, (i+1) * sizeof(char));
+ answer->rdata->bytes[i] = res->bytes[b+10+i];
 }
 *start += nameLength + 8 + answer->rdlength;
 *start += 2;
+ printf("eoa.\n");
 return answer;
 }
 void printAnswer(struct dns_resource_record *answer, enum type type, struct byte_array *res)
 {
+ printf("sop.\n");
 switch (type)
 {
 case TYPE_A:
@@ -376,6 +382,7 @@ void printAnswer(struct dns_resource_record *answer, enum type type, struct byte
 free(answer->rdata);
 free(answer->domain);
 free(answer);
+ printf("eop.\n");
 }
 struct byte_array *reqServer(char *req, int length)
@@ -409,7 +416,12 @@ struct byte_array *reqServer(char *req, int length)
 if (bytesReceived > 0)
 {
 struct byte_array *response = malloc(sizeof(struct byte_array));
- response->bytes = res;
+ response->bytes = NULL;
+ for (int i=0; i<bytesReceived; i++)
+ {
+ response->bytes = realloc(response->bytes, (i+1) * sizeof(char));
+ response->bytes[i] = res[i];
+ }
 response->length = bytesReceived;
 return response;
 }
@@ -418,6 +430,7 @@ struct byte_array *reqServer(char *req, int length)
 printf("Didn't receive a response.\n");
 return NULL;
 }
+ free(res);
 }
 else
 {
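Review bot: `answer->rdlength` is assembled from two response bytes and then bounds the loop over `res->bytes[b+10+i]` in the `@@ -306,21 +309,24 @@` hunk, with no visible comparison against `res->length`, so a record that declares more data than was received is copied from beyond the buffer. Check once before the loop, e.g. `if (b + 10 + answer->rdlength > res->length)`, and treat the record as malformed. Because the final size is known up front, a single NULL-checked `answer->rdata->bytes = malloc(answer->rdlength);` would also replace the per-byte `realloc`. With `bytes` now starting as NULL, a zero-length record leaves `rdata->bytes` NULL, which printAnswer would need to tolerate; `b` and most of printAnswer lie outside the hunk.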
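Review bot: `res` is no longer handed to `response` in the `@@ -409,7 +416,12 @@` hunk, yet nothing frees it before `return response;`, so the receive buffer appears to leak on every successful query. The `free(res);` added in the `@@ -418,6 +430,7 @@` hunk follows a block that ends in `return NULL;`; if that block is the `else` of this `bytesReceived > 0` test (the lines between the two hunks are not shown), the call is never reached. Free on each path instead, with `free(res);` directly before `return response;` and before `return NULL;`. If `res` is heap-allocated and owned only by this function, keeping the original `response->bytes = res;` would avoid both the copy and the unchecked per-byte `realloc`.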