[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] dns: fix heap corruption
|
From: |
Andrei Borzenkov |
|
Subject: |
Re: [PATCH] dns: fix heap corruption |
|
Date: |
Tue, 26 Jul 2016 20:40:19 +0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
11.07.2016 09:02, Michael Chang пишет:
> On Fri, Jul 08, 2016 at 10:54:37PM +0300, Andrei Borzenkov wrote:
>> 07.07.2016 12:18, Michael Chang пишет:
>>> Since commit f9d1b4422efb2c06e5472fb2c304712e2029796b I occasionally bumped
>>> into heap corruption problem during dns lookup.
>>>
>>> After tracing the issue, it looks the *data->addresses array is not
>>> correctly
>>> allocated. It need to hold accumulated dns look up result but not only the
>>> new
>>> result in new message. The heap corruption occured when appending new
>>> result to
>>> it.
>>>
>>> This patch fixed the issue for me by reallocating the array if it found too
>>> small to hold all the result.
>>>
>>
>> I'm not sure. I think we discussed this with Josef back then. The code
>> apparently was assuming single response; and if we are going to collect
>> multiple answers, we need to filter out duplicates at least and also not
>> depend on packet order to select between A and AAAA.
>
> OK.
>
>>
>> Does attached patch fix corruption for you? I think that is the least
>> intrusive as bug fix, and we need to revisit code to properly handle
>> multiple responses later.
>
> Yes, it does. I have tested several times to make sure it doesn't happen.
>
> Thanks for review.
>
Applied. Thanks!