Subject: RE: [Patch] Buffer overrun in get_iphlpapi_dns_info() (ares_init.c) on Windows

From: Bert Belder <bertbelder_at_gmail.com>
Date: Mon, 6 Feb 2012 18:11:40 +0100

> -----Original message-----
> From: c-ares-bounces_at_cool.haxx.se [mailto:c-ares-bounces_at_cool.haxx.se]
> On behalf of Poul Thomas Lomholt
> Sent: Saturday, February 04, 2012 7:31 AM
> To: c-ares_at_cool.haxx.se
> Subject: [Patch] Buffer overrun in get_iphlpapi_dns_info() (ares_init.c)
> on Windows
>
> Hi, I experienced a buffer overrun exception in c-ares on Windows and
> tracked it down to be an error in the calculation of the 'left'
> variable in get_iphlpapi_dns_info(). The following patch fixed the problem
> for me, feel free to incorporate it as you see fit.
>
> I changed the variable type of 'left' to a _signed_ type because of the
> subtraction arithmetic; not sure if a long is the best choice.
>
> Thanks

I don't really see how a buffer overrun could happen. Can you elaborate a
bit more on that?

Thanks, Bert
Received on 2012-02-06
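
The report in this thread concerns the arithmetic on a 'left' (bytes remaining) counter and the choice of a signed type for it. The following is an added illustration, not code from c-ares or from either poster; the patch itself is not reproduced on this page, so every function name, the buffer size and the addresses are constructed. It shows what an unsigned and a signed counter hold after subtracting more than remains, and an append that checks before subtracting so it depends on neither.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of a "bytes left" counter; not c-ares code. */

/* Unsigned: subtracting more than remains wraps to a huge value, so a
 * later "need < left" test passes although no space is left. */
size_t left_unsigned(size_t left, size_t need) { return left - need; }

/* Signed: the same subtraction goes negative, which "left > 0" can catch. */
long left_signed(long left, long need) { return left - need; }

/* Check before subtracting: append src (comma-separated) only if it fits,
 * keeping one byte for the NUL. Requires *used < bufsize on entry. */
int append_checked(char *buf, size_t bufsize, size_t *used, const char *src)
{
    size_t len = strlen(src);
    size_t need = len + (*used ? 1 : 0);   /* separator after first entry */

    if (need >= bufsize - *used)
        return 0;                          /* rejected, buffer untouched */
    if (*used)
        buf[(*used)++] = ',';
    memcpy(buf + *used, src, len);
    *used += len;
    buf[*used] = '\0';
    return 1;
}

static char demo_buf[16];
/* Offer two constructed 8-byte addresses to a 16-byte buffer. */
size_t demo_fill(void)
{
    size_t used = 0;
    demo_buf[0] = '\0';
    append_checked(demo_buf, sizeof demo_buf, &used, "10.0.0.1");
    append_checked(demo_buf, sizeof demo_buf, &used, "10.0.0.2"); /* needs 9, 7 usable */
    return used;
}

int main(void)
{
    printf("unsigned: %zu, signed: %ld, stored: %zu bytes\n",
           left_unsigned(4, 9), left_signed(4, 9), demo_fill());
    return 0;
}
```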