From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Subject: [PATCH v3] dns_resolver: assure that dns_query() result is null-terminated Date: Sat, 7 Jun 2014 23:57:25 +0200 Message-ID: <1402178245-8076-1-git-send-email-manuel.schoelling@gmx.de> References: <1402167681-24676-1-git-send-email-manuel.schoelling@gmx.de> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: jeffrey.t.kirsher@intel.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, =?UTF-8?q?Manuel=20Sch=C3=B6lling?= To: davem@davemloft.net Return-path: In-Reply-To: <1402167681-24676-1-git-send-email-manuel.schoelling@gmx.de> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org dns_query() credulously assumes that keys are null-terminated and returns a copy of a memory block that is off by one. Signed-off-by: Manuel Sch=C3=B6lling --- net/dns_resolver/dns_query.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.= c index e7b6d53..6853d22 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, s= ize_t namelen, if (!*_result) goto put; =20 - memcpy(*_result, upayload->data, len + 1); + memcpy(*_result, upayload->data, len); + *_result[len] =3D '\0'; + if (_expiry) *_expiry =3D rkey->expiry; =20 --=20 1.7.10.4
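Review bot: the added line "*_result[len] = '\0';" in the dns_query() hunk does not terminate the copied buffer, because [] binds tighter than unary *, so it parses as *(_result[len]). The surrounding lines use *_result as the buffer ("if (!*_result)", "memcpy(*_result, ...)"), so _result is a pointer to the caller's result pointer. The new statement therefore indexes _result as if it were an array of pointers and stores the NUL through whatever value sits at slot len. For any len > 0 that reads past the caller's single pointer and writes one byte through an unrelated address, while the copied data stays unterminated. It should be written as "(*_result)[len] = '\0';". The allocation of *_result is above the visible context, so please also confirm it still reserves len + 1 bytes for the terminator. The commit message would be clearer if it said that the off-by-one is the memcpy() reading len + 1 bytes from upayload->data.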