Fix a possible heap overflow

mjansson / mdns

Public domain mDNS/DNS-SD library in C

The Unlicense

437 stars 117 forks source link

Fix a possible heap overflow #65

Closed muratbalaban43 closed 1 year ago

muratbalaban43 commented 1 year ago

Suggestion to fix a possible heap overflow

mjansson commented 1 year ago

Nice find, a bit surprised the fuzzing didn't find this one. I would however like to do it by validating the sublength to make sure invalid data is not propagated back in the reply.

After getting the sublength, do a

if (sublength >= (end - offset))
  break;

the maximum remaining sublength is end - (offset + 1)

muratbalaban43 commented 1 year ago

Hi @mjansson , thanks for the suggestion. Just sent another commit upon your comment.

mjansson commented 1 year ago

Thank you!