Archive Index This month's Index

Subject: Wrong handling on badly formatted strings passed to set_servers_csv

Wrong handling on badly formatted strings passed to set_servers_csv

From: Francisco Sedano Crippa (fsedanoc) <fsedanoc_at_cisco.com>
Date: Sat, 10 Mar 2018 00:07:38 +0000

Hello,

I noticed today if you pass a string with spaces to set_servers_csv, like:

"127.0.0.1 , 200.0.0.1"

It will take the first server as "127.0.0.1 " (note the space), it will notice it's not a valid IP and fail. So far so good.

However, nservers for the channel will stay set to -1, so when ares_send is called, this will be executed:

  query->server_info = ares_malloc(channel->nservers *
                                   sizeof(query->server_info[0]));

The negative value will be misinterpreted to a huge number since argument is size_t and we agree things smell really bad from here. In practice, such a mem allocation fails and we return ENOMEM (which is also misleading), but it's a very incorrect behaviour.

I was thinking on just adding a check at the beginning of ares_send() to exit if nservers is <= 0.

Do you guys agree with the approach? If that’s the case, which error do you suggest to return? No one really matches, I’d say ARES_ENOTFOUND, but that implies we tried to contact the server…



Thanks!


. .:|:.:|:. Francisco Sedano | CCIE 14859, Tech Lead Software Engineering | CSG Enterprise Access and Services Group (EASG)

Received on 2018-03-10