Subject: Re: c-ares segfault in gethostbyname on windows

Re: c-ares segfault in gethostbyname on windows

From: Jeremy Leibs <leibs_at_suitabletech.com>
Date: Tue, 9 Aug 2011 09:09:12 -0700

On Tue, Aug 9, 2011 at 6:31 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Mon, 8 Aug 2011, Jeremy Leibs wrote:
>
>> The basic problem seems to be that PATH_HOSTS isn't initialized. If the
>> call to "RegOpenKeyEx" fails, PATH_HOSTS makes it down to "strcat" before
>> being initialized. If there are no null characters in the first MAX_PATH
>> characters, strcat copies off the end of the array and things end up
>> corrupted.
>>
>> The valid fix is to clear PATH_HOSTS. ares_gethostbyaddr contains the
>> same code, so I fixed it there as well.
>>
>
> I don't understand. PATH_HOSTS is a local array and it gets a zero stored
> in the first byte immediately after the declaration, and thus strcat()
> should work fine on that buffer even if RegOpenKeyEx() fails - just provide
> a weird final path.
>
>
Just pulled the git source. You're right, in the master branch it gets a
zero after the declaration there. Looks like it was added
in: 0e8dc6f18eeb8a54115af2b2bd5693f933b6c27f. I should have checked the git
repo before posting.

In any case, the 1.7.4 release doesn't have the fix. I'm assuming there are
other bug fixes as well. Are there plans to put out a stable 1.7.5 release
with these fixes at some point?

> What am I missing? Why do you need to zero the entire array?
>
>
Nothing. The fix in git should be fine. Zeroing the entire array was an
overly cautious solution.

Thanks for looking into it,
--Jeremy
Received on 2011-08-09
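The bug the thread describes, reduced to a runnable model. This is an added example, not c-ares code: MAX_PATH and the hosts suffix mirror the Windows constants, lookup_system_root() is an assumed stand-in for the RegOpenKeyEx/RegQueryValueEx lookup (like the real API, it leaves the buffer untouched on failure), and the buffer is pre-filled with 'A' bytes to stand in for stale stack contents with no NUL in the first MAX_PATH bytes. The unfixed builder is the 1.7.4 shape (no initial terminator); the fixed builder stores one zero byte at PATH_HOSTS[0], which is the whole of the git fix Daniel points at. append_hosts_suffix() refuses instead of overflowing, so the program reports the overflow condition rather than corrupting its own stack.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for the Windows constants used by the real code. */
#define MAX_PATH 260
#define WIN_PATH_HOSTS "\\system32\\drivers\\etc\\hosts"

/* Assumed stand-in for the registry lookup. As with RegQueryValueEx, a
 * failed call leaves the caller's buffer exactly as it was. */
static int lookup_system_root(char *buf, size_t len, int registry_ok)
{
    if (!registry_ok)
        return -1;
    snprintf(buf, len, "%s", "C:\\Windows");   /* constructed sample value */
    return 0;
}

/* Length strcat would see, capped at the array size (strnlen without the
 * POSIX dependency). A result equal to cap means "no terminator found". */
static size_t terminated_len(const char *p, size_t cap)
{
    size_t i = 0;
    while (i < cap && p[i] != '\0')
        i++;
    return i;
}

/* Append the suffix the way strcat would, but refuse rather than run off
 * the end: -1 if no NUL lies inside the array (the uninitialized-buffer
 * case) or if the result would not fit, 0 on success. */
static int append_hosts_suffix(char *path)
{
    size_t used = terminated_len(path, MAX_PATH);
    if (used == MAX_PATH)
        return -1;                         /* strcat would read past the array */
    if (used + strlen(WIN_PATH_HOSTS) + 1 > MAX_PATH)
        return -1;                         /* strcat would write past the array */
    strcat(path, WIN_PATH_HOSTS);
    return 0;
}

/* 1.7.4 shape: PATH_HOSTS is declared and never given a terminator. */
static int build_hosts_path_unfixed(char *path_hosts, int registry_ok)
{
    lookup_system_root(path_hosts, MAX_PATH, registry_ok);
    return append_hosts_suffix(path_hosts);
}

/* Fixed shape: a single zero byte right after the declaration is enough,
 * because strcat only needs one terminator somewhere inside the array. */
static int build_hosts_path_fixed(char *path_hosts, int registry_ok)
{
    path_hosts[0] = '\0';
    lookup_system_root(path_hosts, MAX_PATH, registry_ok);
    return append_hosts_suffix(path_hosts);
}

static char g_path_hosts[MAX_PATH];

/* Run one scenario on a buffer filled with 'A' bytes (stale stack contents
 * with no NUL). Returns the builder's status; last_path() gives the string,
 * which is only meaningful when the status is 0. */
int run_scenario(int fixed, int registry_ok)
{
    memset(g_path_hosts, 'A', sizeof g_path_hosts);
    return fixed ? build_hosts_path_fixed(g_path_hosts, registry_ok)
                 : build_hosts_path_unfixed(g_path_hosts, registry_ok);
}

const char *last_path(void)
{
    return g_path_hosts;
}

int main(void)
{
    static const char *names[] = { "unfixed", "fixed" };
    for (int fixed = 0; fixed < 2; fixed++)
        for (int ok = 0; ok < 2; ok++) {
            int rc = run_scenario(fixed, ok);
            printf("%-7s registry_ok=%d -> %s\n", names[fixed], ok,
                   rc == 0 ? last_path() : "strcat would overflow PATH_HOSTS");
        }
    return 0;
}
```

Only the unfixed builder with a failed lookup reports the overflow; the fixed builder on the same failure yields the "weird final path" Daniel describes (the bare suffix with no system root in front), which is harmless to the stack even if it does not name a real file.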