From: Jukka Rissanen
Date: Fri, 1 Jun 2012 12:02:06 +0000 (+0300)
Subject: dnsproxy: Check overlapping memcpy
X-Git-Tag: 2.0_alpha~113
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4884c249bf7f098bbffd1a704a0a5ade573bee54;p=framework%2Fconnectivity%2Fconnman.git

dnsproxy: Check overlapping memcpy

The problem was seen with valgrind. We tried to get hostname without domain part and if server returns an error, we could end up in situation where domain_len == 0 even if append_domain is set to TRUE. So check that if domain_len is 0, then do not try to memcpy.
---
diff --git a/src/dnsproxy.c b/src/dnsproxy.c index efbc195..f56c30c 100644 --- a/src/dnsproxy.c +++ b/src/dnsproxy.c @@ -1554,14 +1554,23 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, domain_len = strlen((const char *)ptr + host_len + 1); /* - * remove the domain name and replace it by the end - * of reply. + * Remove the domain name and replace it by the end + * of reply. Check if the domain is really there + * before trying to copy the data. The domain_len can + * be 0 because if the original query did not contain + * a domain name, then we are sending two packets, + * first without the domain name and the second packet + * with domain name. The append_domain is set to true + * even if we sent the first packet without domain + * name. In this case we end up in this branch. */ - memcpy(ptr + host_len + 1, - ptr + host_len + domain_len + 1, - reply_len - (ptr - reply + domain_len)); + if (domain_len > 0) { + memcpy(ptr + host_len + 1, + ptr + host_len + domain_len + 1, + reply_len - (ptr - reply + domain_len)); - reply_len = reply_len - domain_len; + reply_len = reply_len - domain_len; + } } g_free(req->resp);
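Review bot: The memcpy() kept inside the new `if (domain_len > 0)` block still copies between overlapping regions. Source `ptr + host_len + domain_len + 1` and destination `ptr + host_len + 1` are only domain_len bytes apart in the same reply buffer, so any copy longer than domain_len overlaps. The guard only removes the exact-overlap case that valgrind reported, so the call should become memmove() with the same three arguments. Separately, domain_len comes from strlen() over bytes of the reply, and nothing in the hunk checks it against reply_len before it is used in `reply_len - (ptr - reply + domain_len)`. A reply whose name is longer than expected or not NUL-terminated inside the buffer could make that length negative, which then converts to a very large size_t. Please add a bounds check such as `ptr - reply + host_len + 1 + domain_len <= reply_len` next to the domain_len test. It is also worth confirming that the length should not subtract host_len + 1 as well, since the source starts that far past ptr and the copy may otherwise read beyond the end of the reply.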