git:4.4:42f5515d: core: avoid overrun-buffer-arg - sr-dev

1 Feb 2017

Module: kamailio
Branch: 4.4
Commit: 42f5515df93a182fd33a6c48f1a9dd1850e91965
URL: https://github.com/kamailio/kamailio/commit/42f5515df93a182fd33a6c48f1a9dd18...
Author: Victor Seva linuxmaniac@torreviejawireless.org
Committer: Victor Seva linuxmaniac@torreviejawireless.org
Date: 2017-02-01T15:21:05+01:00
core: avoid overrun-buffer-arg
...
Overrunning array ((struct a_rdata *)rr->rdata)->ip of 4 bytes
by passing it to a function which accesses it at byte offset 15
using argument len (which evaluates to 16)
(cherry picked from commit 5640f696f5364bb88732807f5f87b4afb7a97ba6)
---
Modified: dns_cache.c
---
Diff:  https://github.com/kamailio/kamailio/commit/42f5515df93a182fd33a6c48f1a9dd18...
Patch: https://github.com/kamailio/kamailio/commit/42f5515df93a182fd33a6c48f1a9dd18...
---

diff --git a/dns_cache.c b/dns_cache.c
index 21b780e..c4b910d 100644
--- a/dns_cache.c
+++ b/dns_cache.c
@@ -2362,6 +2362,7 @@ inline static struct hostent* dns_entry2he(struct dns_hash_entry* e)
    int af, len;
    struct dns_rr* rr;
    unsigned char rr_no;
+	unsigned char *ip;
    ticks_t now;
    int i;
@@ -2389,7 +2390,15 @@ inline static struct hostent* dns_entry2he(struct dns_hash_entry* e)
    for(i=0; rr && (i<DNS_HE_MAX_ADDR); i++,
    						rr=dns_entry_get_rr(e, &rr_no, now)){
    			p_addr[i]=&address[i*len];
-				memcpy(p_addr[i], ((struct a_rdata*)rr->rdata)->ip, len);
+				switch(e->type){
+					case T_A:
+						ip = ((struct a_rdata*)rr->rdata)->ip;
+						break;
+					case T_AAAA:
+						ip = ((struct aaaa_rdata*)rr->rdata)->ip6;
+						break;
+				}
+				memcpy(p_addr[i], ip, len);
    }
    if (i==0){
    	LM_DBG("no good records found (%d) for %.*s (%d)\n",

    