[lwip-devel] Invalid memory references when using lwip_gethostbyname()

From: Bjoern Doebel
Subject: [lwip-devel] Invalid memory references when using lwip_gethostbyname()
Date: Mon, 17 May 2010 08:45:21 +0200

Hello again,

another issue I came across might be in lwip_gethostbyname() in api/netdb.c.

gethostbyname() returns a hostent containing a NULL-terminated list of
IP addresses. When building lwip with LWIP_DNS_API_HOSTENT_STORAGE ==
0, the hostent returned from lwip_gethostbyname() is a statically
allocated entry in this function and the entry's h_addr_list pointer is
set to point to another single statically allocated object. This lacks
the explicit final NULL entry in h_addr_list and potentially (and in
my case really) leads to invalid memory accesses due to calling code
running through this list in search of a terminating NULL.

My current fix is:

Index: src/api/netdb.c
RCS file: /sources/lwip/lwip/src/api/netdb.c,v
retrieving revision 1.17
diff -u -r1.17 netdb.c
--- src/api/netdb.c     16 Mar 2010 15:14:14 -0000      1.17
+++ src/api/netdb.c     17 May 2010 06:45:07 -0000
@@ -91,7 +91,7 @@
   HOSTENT_STORAGE struct hostent s_hostent;
   HOSTENT_STORAGE char *s_aliases;
   HOSTENT_STORAGE ip_addr_t s_hostent_addr;
-  HOSTENT_STORAGE ip_addr_t *s_phostent_addr;
+  HOSTENT_STORAGE ip_addr_t *s_phostent_addr[2] = { 0 };

   /* query host IP address */
   err = netconn_gethostbyname(name, &addr);
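
Review bot: the `{ 0 }` initializer on `s_phostent_addr[2]` is the only thing that supplies the terminating entry, and whether it runs once or on every call depends on what HOSTENT_STORAGE expands to, which this hunk does not show. Write the initializer as `{ NULL, NULL }` for a pointer array and add a short comment that element [1] is the list terminator and must never be written, so a later edit does not reuse the slot.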
@@ -103,7 +103,7 @@

   /* fill hostent */
   s_hostent_addr = addr;
-  s_phostent_addr = &s_hostent_addr;
+  s_phostent_addr[0] = &s_hostent_addr;
   s_hostent.h_name = (char*)name;
   s_hostent.h_aliases = &s_aliases;
   s_hostent.h_addrtype = AF_INET;
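
Review bot: after `s_phostent_addr[0] = &s_hostent_addr;` nothing in this hunk writes element [1], so the terminator is never set at the point where the list is filled. Add `s_phostent_addr[1] = NULL;` directly below it so the list is terminated explicitly on each call. The line that stores the list into `s_hostent.h_addr_list` is not part of the patch; since the variable changed from a single pointer to an array, check that the assignment still refers to the first element and that any cast there is still correct.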


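The termination problem described in the message, as an added example that is not part of the original post or of lwIP: a bounded walk over `h_addr_list` that reports when no NULL terminator lies inside the list's own storage. The types `ex_ip_addr_t` and `struct ex_hostent`, the sample address and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for this example; not lwIP's own definitions. */
typedef struct { uint32_t addr; } ex_ip_addr_t;
struct ex_hostent { char **h_addr_list; };

static ex_ip_addr_t ex_addr = { 0x0100007fu }; /* constructed sample address */
static char *old_list;      /* pre-patch shape: one slot, no terminator */
static char *new_list[2];   /* post-patch shape: slot [1] ends the list */

/*
 * Count the entries of h_addr_list while reading at most `slots` pointers.
 * Returns the count, or -1 when no NULL terminator lies inside the storage,
 * which is the case where an unbounded caller loop reads past the object.
 */
static int count_addrs(const struct ex_hostent *he, size_t slots)
{
    size_t i;
    for (i = 0; i < slots; i++) {
        if (he->h_addr_list[i] == NULL)
            return (int)i;
    }
    return -1;
}

static int check_old_layout(void)
{
    struct ex_hostent he;
    old_list = (char *)&ex_addr;
    he.h_addr_list = &old_list;
    return count_addrs(&he, 1);
}

static int check_new_layout(void)
{
    struct ex_hostent he;
    new_list[0] = (char *)&ex_addr;
    new_list[1] = NULL;     /* explicit terminator, set on every call */
    he.h_addr_list = new_list;
    return count_addrs(&he, sizeof new_list / sizeof new_list[0]);
}

int main(void)
{
    printf("old=%d new=%d\n", check_old_layout(), check_new_layout());
    return 0;
}
```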