Module: kamailio Branch: 4.4 Commit: 42f5515df93a182fd33a6c48f1a9dd1850e91965 URL: https://github.com/kamailio/kamailio/commit/42f5515df93a182fd33a6c48f1a9dd1850e91965
Author: Victor Seva <linuxman...@torreviejawireless.org> Committer: Victor Seva <linuxman...@torreviejawireless.org> Date: 2017-02-01T15:21:05+01:00 core: avoid overrun-buffer-arg > Overrunning array ((struct a_rdata *)rr->rdata)->ip of 4 bytes > by passing it to a function which accesses it at byte offset 15 > using argument len (which evaluates to 16) (cherry picked from commit 5640f696f5364bb88732807f5f87b4afb7a97ba6) --- Modified: dns_cache.c --- Diff: https://github.com/kamailio/kamailio/commit/42f5515df93a182fd33a6c48f1a9dd1850e91965.diff Patch: https://github.com/kamailio/kamailio/commit/42f5515df93a182fd33a6c48f1a9dd1850e91965.patch --- diff --git a/dns_cache.c b/dns_cache.c index 21b780e..c4b910d 100644 --- a/dns_cache.c +++ b/dns_cache.c @@ -2362,6 +2362,7 @@ inline static struct hostent* dns_entry2he(struct dns_hash_entry* e) int af, len; struct dns_rr* rr; unsigned char rr_no; + unsigned char *ip; ticks_t now; int i; @@ -2389,7 +2390,15 @@ inline static struct hostent* dns_entry2he(struct dns_hash_entry* e) for(i=0; rr && (i<DNS_HE_MAX_ADDR); i++, rr=dns_entry_get_rr(e, &rr_no, now)){ p_addr[i]=&address[i*len]; - memcpy(p_addr[i], ((struct a_rdata*)rr->rdata)->ip, len); + switch(e->type){ + case T_A: + ip = ((struct a_rdata*)rr->rdata)->ip; + break; + case T_AAAA: + ip = ((struct aaaa_rdata*)rr->rdata)->ip6; + break; + } + memcpy(p_addr[i], ip, len); } if (i==0){ LM_DBG("no good records found (%d) for %.*s (%d)\n", _______________________________________________ sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
