Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: fix freeing unintialized pointer bug in ParseSoaReply #35502

Merged
merged 1 commit into from Oct 8, 2020
+10 −8
Merged

src: fix freeing unintialized pointer bug in ParseSoaReply #35502

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
18 changes: 10 additions & 8 deletions src/cares_wrap.cc
View file
Open in desktop
Expand Up @@ -1060,29 +1060,31 @@ int ParseSoaReply(Environment* env,
// Can't use ares_parse_soa_reply() here which can only parse single record
const unsigned int ancount = cares_get_16bit(buf + 6);
unsigned char* ptr = buf + NS_HFIXEDSZ;
char* name_temp;
char* name_temp = nullptr;
long temp_len; // NOLINT(runtime/int)
int status = ares_expand_name(ptr, buf, len, &name_temp, &temp_len);
const ares_unique_ptr name(name_temp);
if (status != ARES_SUCCESS) {
// returns EBADRESP in case of invalid input
return status == ARES_EBADNAME ? ARES_EBADRESP : status;
}

const ares_unique_ptr name(name_temp);

if (ptr + temp_len + NS_QFIXEDSZ > buf + len) {
return ARES_EBADRESP;
}
ptr += temp_len + NS_QFIXEDSZ;

for (unsigned int i = 0; i < ancount; i++) {
char* rr_name_temp;
char* rr_name_temp = nullptr;
long rr_temp_len; // NOLINT(runtime/int)
int status2 = ares_expand_name(ptr, buf, len, &rr_name_temp, &rr_temp_len);
const ares_unique_ptr rr_name(rr_name_temp);

if (status2 != ARES_SUCCESS)
return status2 == ARES_EBADNAME ? ARES_EBADRESP : status2;

const ares_unique_ptr rr_name(rr_name_temp);

ptr += rr_temp_len;
if (ptr + NS_RRFIXEDSZ > buf + len) {
return ARES_EBADRESP;
Expand All @@ -1094,27 +1096,27 @@ int ParseSoaReply(Environment* env,

// only need SOA
if (rr_type == ns_t_soa) {
char* nsname_temp;
char* nsname_temp = nullptr;
long nsname_temp_len; // NOLINT(runtime/int)

int status3 = ares_expand_name(ptr, buf, len,
&nsname_temp,
&nsname_temp_len);
const ares_unique_ptr nsname(nsname_temp);
if (status3 != ARES_SUCCESS) {
return status3 == ARES_EBADNAME ? ARES_EBADRESP : status3;
}
const ares_unique_ptr nsname(nsname_temp);
ptr += nsname_temp_len;

char* hostmaster_temp;
char* hostmaster_temp = nullptr;
long hostmaster_temp_len; // NOLINT(runtime/int)
int status4 = ares_expand_name(ptr, buf, len,
&hostmaster_temp,
&hostmaster_temp_len);
const ares_unique_ptr hostmaster(hostmaster_temp);
if (status4 != ARES_SUCCESS) {
return status4 == ARES_EBADNAME ? ARES_EBADRESP : status4;
}
const ares_unique_ptr hostmaster(hostmaster_temp);
ptr += hostmaster_temp_len;

if (ptr + 5 * 4 > buf + len) {
Expand Down