Bug report: Memory overflow in ifdns

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bug report: Memory overflow in ifdns

485 Views
chrissolomon
Contributor III

Hi,

In MQX 4.0.1 (possibly later, haven't checked) there is an off by one error in rtcs/source/if/ifdns.c, in the function DNS_insert_slist_entry.

Original code snippit:

(starts at line 254)

      if (usr_slist_entry_ptr->NAME_PTR)

      {

         tmp_str = RTCS_mem_alloc_system( strlen(usr_slist_entry_ptr->NAME_PTR) );

         if (tmp_str == NULL)

            return RTCSERR_DNS_UNABLE_TO_ALLOCATE_MEMORY;

         strcpy(tmp_str, usr_slist_entry_ptr->NAME_PTR);

      }

The problem is strlen gives the length of the string NOT INCLUDING THE NULL TERMINATION, where as strcpy copies including the null termination.

My fix:

      if (usr_slist_entry_ptr->NAME_PTR)

      {

         tmp_str = RTCS_mem_alloc_system( strlen(usr_slist_entry_ptr->NAME_PTR) + 1 );

         if (tmp_str == NULL)

            return RTCSERR_DNS_UNABLE_TO_ALLOCATE_MEMORY;

         strcpy(tmp_str, usr_slist_entry_ptr->NAME_PTR);

      }

It's a simple fix, and for the most part it wont cause any problem, unless the string length happens to fit in the allocation block perfectly, then the first byte of the next blocks header will be zeroed, with unpredictable results.

Labels (1)
Tags (4)
0 Kudos
2 Replies

317 Views
danielchen
NXP TechSupport
NXP TechSupport

The DNS system has been re-written for MQX 4.2, Next MQX release won't have that source files at all. Thank you

0 Kudos

317 Views
danielchen
NXP TechSupport
NXP TechSupport

Hi

Thank you for reporting this, I will forward your post to software team.


Have a great day,
Daniel

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos