Hi, I experienced a buffer overrun exception in c-ares on Windows and
tracked it down to an error in the calculation of the 'left'
variable in get_iphlpapi_dns_info(). The following patch fixed the
problem for me; feel free to incorporate it as you see fit.

I changed the variable type of 'left' to a _signed_ type because of
the subtraction arithmetic; not sure if a long is the best choice.

Thanks
Index: ares_init.c
===================================================================
--- ares_init.c (revision 100)
+++ ares_init.c (working copy)
@@ -612,7 +612,7 @@
{
const size_t ipv4_size = INET_ADDRSTRLEN + 1; /* +1 for ',' at end */
const size_t ipv6_size = INET6_ADDRSTRLEN + 12; /* +12 for
"%0123456789," at end */
- size_t left = ret_size;
+ long left = ret_size;
char *ret = ret_buf;
int count = 0;
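Review bot: making `left` a `long` here does not protect the guards, because the `left > ipv6_size` test later in the patch still compares it with a `size_t`. Under the usual arithmetic conversions a negative `left` becomes a very large unsigned value, so the check would pass exactly when the space has run out. On 64-bit Windows `long` is 32 bits, so initialising it from `ret_size` can also narrow if `ret_size` is a `size_t`, as the old declaration suggests. With the subtraction corrected to the bytes actually written, `left` cannot drop below zero while the guard holds, so I would keep `size_t left = ret_size;` and rely on the corrected arithmetic.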
@@ -687,7 +687,7 @@
ret[ stringlen ] = ',';
ret[ stringlen + 1 ] = '\0';
ret += stringlen + 1;
- left -= ret - ret_buf;
+ left -= stringlen + 1;
++count;
}
else if( pGenericAddr->sa_family == AF_INET6 && left > ipv6_size )
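Review bot: `left` and `ret` are two counters for the same quantity, and the removed `left -= ret - ret_buf;` shows how easily they drift apart, since it subtracted the cumulative offset on every pass instead of the bytes just written. Instead of keeping `left -= stringlen + 1;` in step by hand, consider deriving the remaining space from the pointer after advancing it, for example `left = ret_size - (ret - ret_buf);`, so there is one source of truth. A short comment stating that `stringlen + 1` never exceeds the slot size the guard checks would also make the bound explicit.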
@@ -702,7 +702,7 @@
ret[ stringlen ] = ',';
ret[ stringlen + 1 ] = '\0';
ret += stringlen + 1;
- left -= ret - ret_buf;
+ left -= stringlen + 1;
++count;
/* NB on Windows this also returns stuff in the fec0::/10 range,
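Review bot: the IPv6 branch repeats the same append, advance and `left -= stringlen + 1;` sequence as the IPv4 branch, which is how the same accounting bug ended up in both places. Consider moving the terminate-and-advance steps into one small helper that takes `ret`, `left` and `stringlen`, so a future change to the bookkeeping is made once. The guard `left > ipv6_size` only bounds the write if `stringlen + 1` stays within `ipv6_size`; an assertion or comment to that effect next to the subtraction would document the invariant.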
Received on 2012-02-05
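The accounting error described in the message, as an added example that is not part of the original post or of c-ares: a simulation (it performs no buffer writes) of the append loop with the old and the corrected bookkeeping. `SLOT`, `simulate_append` and the sizes used are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for ipv4_size: 16 characters + 1 for ',' */
#define SLOT 17

/*
 * Simulates appending up to n entries of entry_len bytes (stringlen + 1)
 * into a buffer of ret_size bytes. Nothing is written; only the counters
 * are tracked. Returns the final offset, i.e. ret - ret_buf.
 *
 * fixed == 0: old bookkeeping, subtracts the cumulative offset each pass
 * fixed != 0: patched bookkeeping, subtracts only the bytes just added
 */
size_t simulate_append(size_t ret_size, size_t entry_len, int n, int fixed)
{
    size_t left = ret_size;   /* unsigned, as in the original code */
    size_t used = 0;          /* plays the role of ret - ret_buf */
    int i;

    for (i = 0; i < n; i++) {
        if (left > SLOT) {            /* same shape as the guard in the patch */
            used += entry_len;        /* ret += stringlen + 1 */
            if (fixed)
                left -= entry_len;    /* left -= stringlen + 1 */
            else
                left -= used;         /* left -= ret - ret_buf (wraps) */
        }
    }
    return used;
}

int main(void)
{
    /* Constructed input: 80-byte buffer, eight 16-byte entries. */
    size_t old_off = simulate_append(80, 16, 8, 0);
    size_t new_off = simulate_append(80, 16, 8, 1);

    printf("old bookkeeping: offset %lu of 80%s\n", (unsigned long)old_off,
           old_off > 80 ? " (past end of buffer)" : "");
    printf("new bookkeeping: offset %lu of 80%s\n", (unsigned long)new_off,
           new_off > 80 ? " (past end of buffer)" : "");
    return 0;
}
```

With the old subtraction, `left` goes 64, 32 and then wraps below zero on the third entry, so the guard keeps passing and the offset runs past the 80-byte buffer; with the corrected subtraction the loop stops after four entries.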