pellegre / libcrafter

A high level C++ network packet sniffing and crafting library.

Uninitialized member `size` in `DNSQuery` and `DNSAnswer` when qname is empty #53

Closed chradcliffe closed 7 years ago

chradcliffe commented 7 years ago

I noticed this issue when trying to craft a DNS packet with an empty question name. If passed an empty string, both DNSQuery and DNSAnswer will not initialize the size member, which can lead to undefined behaviour if the Write method is then subsequently called. Here is a minimal example that, when compiled with GCC using -O3 on an Ubuntu 16.04 machine, prints an arbitrarily large number as the size of the DNSQuery:

#include "crafter.h"
#include <iostream>

int main() {
    // Empty qname: the reporter observes an indeterminate size here.
    Crafter::DNS::DNSQuery query("");
    std::cout << query.GetSize() << std::endl;
}

I think I would expect in this case for the library to create a DNS query whose QNAME field is a 16-bit length that is zero.
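As an added illustration that is not libcrafter's code (the names `UninitializedQuery`, `EncodeQName`, `FixedQuery`, `Bytes` and `ToHex` are hypothetical), the following puts the bug pattern described in the report next to a hardened form. The hardened query gives `size` a default member initializer so it can never be read indeterminate, and encodes the question name the way RFC 1035 does: a sequence of length-prefixed labels closed by a zero octet, so the empty name becomes the single root octet `00` rather than being skipped:

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Pattern from the report (hypothetical stand-in, not libcrafter's code):
// `size` is only assigned on the non-empty path, so after
// UninitializedQuery("") the member is indeterminate and reading it
// (for example from a Write method) is undefined behaviour.
struct UninitializedQuery {
    std::string qname;
    std::size_t size;  // no initializer, never assigned when qname is empty
    explicit UninitializedQuery(const std::string& name) : qname(name) {
        if (!qname.empty()) {
            size = qname.size() + 2;  // length prefix + terminating zero
        }
    }
};

// RFC 1035 wire encoding of a domain name: each label is preceded by its
// length (1..63), the name ends with a zero octet. "" and "." are the root
// name and encode as just that zero octet. Trailing dots are accepted.
std::vector<std::uint8_t> EncodeQName(const std::string& name) {
    std::vector<std::uint8_t> out;
    if (name != ".") {
        std::size_t start = 0;
        while (start < name.size()) {
            std::size_t dot = name.find('.', start);
            if (dot == std::string::npos) dot = name.size();
            std::size_t len = dot - start;
            if (len == 0) throw std::invalid_argument("empty label in qname");
            if (len > 63) throw std::invalid_argument("label longer than 63 octets");
            out.push_back(static_cast<std::uint8_t>(len));
            out.insert(out.end(), name.begin() + start, name.begin() + dot);
            start = dot + 1;
        }
    }
    out.push_back(0);  // root label terminates the name
    if (out.size() > 255) throw std::invalid_argument("qname longer than 255 octets");
    return out;
}

// Hex rendering used for printing and for checking results.
std::string ToHex(const std::vector<std::uint8_t>& bytes) {
    static const char* digits = "0123456789abcdef";
    std::string s;
    for (std::uint8_t b : bytes) {
        s += digits[b >> 4];
        s += digits[b & 0x0f];
    }
    return s;
}

// Hardened form: every member has a default initializer, and the size is
// derived from the encoded name on all paths, including the empty one.
class FixedQuery {
public:
    explicit FixedQuery(const std::string& qname,
                        std::uint16_t qtype = 1,    // A
                        std::uint16_t qclass = 1)   // IN
        : wire_(EncodeQName(qname)), qtype_(qtype), qclass_(qclass),
          size_(wire_.size() + 4) {}  // QNAME + QTYPE(2) + QCLASS(2)

    std::size_t GetSize() const { return size_; }

    // Serialises QNAME, QTYPE and QCLASS (network byte order) into buf,
    // which must hold at least GetSize() bytes.
    void Write(std::uint8_t* buf) const {
        std::size_t i = 0;
        for (std::uint8_t b : wire_) buf[i++] = b;
        buf[i++] = static_cast<std::uint8_t>(qtype_ >> 8);
        buf[i++] = static_cast<std::uint8_t>(qtype_ & 0xff);
        buf[i++] = static_cast<std::uint8_t>(qclass_ >> 8);
        buf[i++] = static_cast<std::uint8_t>(qclass_ & 0xff);
    }

    std::vector<std::uint8_t> Bytes() const {
        std::vector<std::uint8_t> out(GetSize());
        Write(out.data());
        return out;
    }

private:
    std::vector<std::uint8_t> wire_;
    std::uint16_t qtype_ = 1;
    std::uint16_t qclass_ = 1;
    std::size_t size_ = 0;  // default member initializer: never indeterminate
};

int main() {
    for (const char* name : {"", ".", "example.com", "example.com."}) {
        FixedQuery q(name);
        std::cout << '"' << name << "\" size=" << q.GetSize()
                  << " bytes=" << ToHex(q.Bytes()) << '\n';
    }
}
```

The constructor's initializer list computes `size_` from `wire_`, which is declared before it, so the value is correct regardless of which branch the name takes; a `-Wall -Wextra` build of the `UninitializedQuery` pattern is where a compiler's maybe-uninitialized warning would normally point at the original defect.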

oliviertilmans commented 7 years ago

Hi @chradcliffe

This is now fixed on master. Please note that I cannot reproduce the issue as clang/newer gcc versions always 0-initialize class members if not done in constructors so I hope I covered everything ...