From: Philipp Tölke
Date: Mon, 10 Jan 2011 21:41:35 +0000 (+0000)
Subject: fix two "invalid read"s
X-Git-Tag: initial-import-from-subversion-38251~19351
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=089870582fc725e75d54c9901fbb848decc86a09;p=oweals%2Fgnunet.git
fix two "invalid read"s
---
diff --git a/src/vpn/gnunet-daemon-vpn.c b/src/vpn/gnunet-daemon-vpn.c
index 2d6fef76e..00caadfb1 100644
--- a/src/vpn/gnunet-daemon-vpn.c
+++ b/src/vpn/gnunet-daemon-vpn.c
@@ -255,10 +255,11 @@ process_answer(void* cls, const struct GNUNET_SCHEDULER_TaskContext* tc) {
 uint16_t namelen = strlen((char*)pkt->data+12)+1;
- struct map_entry* value = GNUNET_malloc(sizeof(struct GNUNET_vpn_service_descriptor) + 2 + 8 + namelen);
+ struct map_entry* value = GNUNET_malloc(sizeof(struct map_entry) + namelen);
+ char* name = (char*)(value +1);
 value->namelen = namelen;
- memcpy(value->name, pkt->data+12, namelen);
+ memcpy(name, pkt->data+12, namelen);
 memcpy(&value->desc, &pkt->service_descr, sizeof(struct GNUNET_vpn_service_descriptor));
@@ -318,13 +319,14 @@ process_answer(void* cls, const struct GNUNET_SCHEDULER_TaskContext* tc) {
 }
 unsigned short namelen = htons(map_entry->namelen);
- char* name = map_entry->name;
+ char* name = (char*)(map_entry + 1);
 list = GNUNET_malloc(2*sizeof(struct answer_packet_list*) + offset + 2 + ntohs(namelen));
 struct answer_packet* rpkt = &list->pkt;
- memcpy(rpkt, pkt, offset);
+ /* The offset points to the first byte belonging to the address */
+ memcpy(rpkt, pkt, offset - 1);
 rpkt->subtype = GNUNET_DNS_ANSWER_TYPE_IP;
 rpkt->hdr.size = ntohs(offset + 2 + ntohs(namelen));
diff --git a/src/vpn/gnunet-daemon-vpn.h b/src/vpn/gnunet-daemon-vpn.h
index a53c296ef..cec47ae76 100644
--- a/src/vpn/gnunet-daemon-vpn.h
+++ b/src/vpn/gnunet-daemon-vpn.h
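Review bot: `namelen` still comes from an unbounded `strlen((char*)pkt->data+12)` on packet data, and the new `GNUNET_malloc(sizeof(struct map_entry) + namelen)` and `memcpy(name, pkt->data+12, namelen)` in the first hunk both trust it. If the name is not NUL-terminated inside the received message, the scan and the copy read past the packet, and a length above 65535 is silently truncated by the `uint16_t`. Unless a check outside this hunk already guarantees the terminator, bound the scan by the message length, e.g. `memchr(pkt->data+12, '\0', remaining)` with `remaining` derived from `ntohs(pkt->hdr.size)`, and drop the answer when it returns NULL. process_answer starts and ends outside the hunk, so an earlier validation cannot be ruled out from here.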
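Review bot: `memcpy(rpkt, pkt, offset - 1)` in the second hunk runs without any visible check on `offset`, which is declared outside this hunk and appears to be taken from the packet. A value of 0 turns the length into a huge size, and a value larger than the received message makes the copy read past `pkt`; a guard such as `if (offset == 0 || offset > ntohs(pkt->hdr.size))` that drops the answer before the allocation would cover both cases. The new comment says the offset points at the first address byte but not why the copy stops one byte earlier, so the `- 1` should be justified there. `rpkt->hdr.size = ntohs(...)` converts from host to network order and would read more clearly as `htons(...)`.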
@@ -77,9 +77,8 @@ struct map_entry {
 uint16_t namelen;
 uint64_t additional_ports;
 /**
- * In DNS-Format!
+ * After this struct the name is located in DNS-Format!
 */
- char name[1];
 };
 #endif /* end of include guard: GNUNET-DAEMON-VPN_H */
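Review bot: Removing `char name[1]` leaves the trailing name reachable only through `(char*)(entry + 1)` at each use site, so the layout contract now lives in a comment that the compiler cannot check. A C99 flexible array member, `char name[];`, keeps the name bytes out of `sizeof(struct map_entry)`, which is what the new allocation in gnunet-daemon-vpn.c relies on, and lets callers keep writing `value->name`. The doc comment should also state that `namelen` counts the terminating NUL, since the .c side stores `strlen(...)+1`, so that readers of the struct know how many bytes follow it.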