From: Matthew Garrett
To: grub-devel@gnu.org
Cc: Matthew Garrett
Date: Mon, 23 Jan 2017 16:36:00 -0800
Message-Id: <20170124003601.24612-4-mjg59@coreos.com>
In-Reply-To: <20170124003601.24612-1-mjg59@coreos.com>
References: <20170124003601.24612-1-mjg59@coreos.com>
Subject: [PATCH 3/4] Don't allocate a new address buffer if we receive multiple DNS responses

The current logic in the DNS resolution code allocates an address buffer based on the number of addresses in the response packet. If we receive multiple response packets in response to a single query packet, this means that we will reallocate a new buffer large enough for only the addresses in that specific packet, discarding any previous results in the process. Worse, we still keep track of the *total* number of addresses resolved in response to this query, not merely the number in the packet being currently processed.

Use realloc() rather than malloc() to avoid overwriting the existing data, and allocate a buffer large enough for the total set of addresses rather than merely the number in this specific response.
---
 grub-core/net/dns.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index 5d9afe0..5deb1ef 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), ptr++; ptr += 4; } - *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) - * grub_be_to_cpu16 (head->ancount)); + *data->addresses = grub_realloc (*data->addresses, sizeof ((*data->addresses)[0]) + * (grub_be_to_cpu16 (head->ancount) + *data->naddresses)); if (!*data->addresses) { grub_errno = GRUB_ERR_NONE; -- 2.9.3
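Review bot: In the added grub_realloc call, the return value is assigned straight back to `*data->addresses`, so on allocation failure the NULL result overwrites the only pointer to the buffer that already holds the earlier responses. That buffer is leaked, and the `if (!*data->addresses)` branch that follows clears grub_errno while `*data->naddresses` may still be non-zero, leaving a count with no backing storage. Please realloc into a temporary, keep the old pointer on failure (or free it and reset `*data->naddresses` explicitly), and only then store the new pointer. Two further checks for this hunk: the realloc form is only correct if `*data->addresses` is NULL or a previous heap allocation when the first response arrives, so the callers' initialisation should be confirmed or documented; and since `head->ancount` is taken from the received packet and is now added to a running total before the multiply by `sizeof ((*data->addresses)[0])`, a bound on the total number of addresses accepted per query would keep the size computation from growing without limit across repeated responses.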