diff options
author | Lennart Poettering <lennart@poettering.net> | 2005-10-27 14:30:46 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2005-10-27 14:30:46 +0000 |
commit | 20011324500a728851e4888c890a756ecf71394b (patch) | |
tree | 9dc37356855fa1b1c009aa978158fac9c85f2d16 /avahi-compat-libdns_sd/compat.c | |
parent | cf5ee4f9a5c3625a3d13b92603d1035f976228b0 (diff) |
Add validity checking to TXT data parsing, this fixes a remotely exploitable vulnerability.
git-svn-id: file:///home/lennart/svn/public/avahi/trunk@888 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
Diffstat (limited to 'avahi-compat-libdns_sd/compat.c')
-rw-r--r-- | avahi-compat-libdns_sd/compat.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/avahi-compat-libdns_sd/compat.c b/avahi-compat-libdns_sd/compat.c index afc9214..6a1b30d 100644 --- a/avahi-compat-libdns_sd/compat.c +++ b/avahi-compat-libdns_sd/compat.c @@ -974,6 +974,7 @@ DNSServiceErrorType DNSSD_API DNSServiceRegister ( DNSServiceErrorType ret = kDNSServiceErr_Unknown; int error; DNSServiceRef sdref = NULL; + AvahiStringList *txt = NULL; AVAHI_WARN_LINKAGE; @@ -986,8 +987,14 @@ DNSServiceErrorType DNSSD_API DNSServiceRegister ( return kDNSServiceErr_Unsupported; } - if (!(sdref = sdref_new())) + if (txtRecord && txtLen > 0) + if (avahi_string_list_parse(txtRecord, txtLen, &txt) < 0) + return kDNSServiceErr_Invalid; + + if (!(sdref = sdref_new())) { + avahi_string_list_free(txt); return kDNSServiceErr_Unknown; + } sdref->context = context; sdref->service_register_callback = callback; @@ -998,7 +1005,7 @@ DNSServiceErrorType DNSSD_API DNSServiceRegister ( sdref->service_host = host ? avahi_normalize_name_strdup(host) : NULL; sdref->service_interface = interface == kDNSServiceInterfaceIndexAny ? AVAHI_IF_UNSPEC : (AvahiIfIndex) interface; sdref->service_port = ntohs(port); - sdref->service_txt = txtRecord && txtLen > 0 ? avahi_string_list_parse(txtRecord, txtLen) : NULL; + sdref->service_txt = txt; /* Some OOM checking would be cool here */ |