examples:dns_matching: fix key length and buffer overrun

Changed key length to 255, maximum length of DNS domain name. Also fixed double increment of loop variable. These both changes fix buffer overrun. Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>

examples:dns_matching: fix key length and buffer overrun
Changed key length to 255, maximum length of DNS domain name. Also fixed double increment of loop variable. These both changes fix buffer overrun. Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
07c21f0c · Prashant Bhole · a135d895 · 07c21f0c · 07c21f0c
Commit 07c21f0c authored Sep 26, 2017 by Prashant Bhole
Showing with 5 additions and 5 deletions

examples/networking/dns_matching/dns_matching.c examples/networking/dns_matching/dns_matching.c +3 -3

examples/networking/dns_matching/dns_matching.py examples/networking/dns_matching/dns_matching.py +2 -2

No files found.
--- a/examples/networking/dns_matching/dns_matching.c
+++ b/examples/networking/dns_matching/dns_matching.c
@@ -43,7 +43,7 @@ struct dns_char_t
 } BPF_PACKET_HEADER;

 struct Key {
-  unsigned char p[32];
+  unsigned char p[255];
 };

 struct Leaf {
@@ -85,8 +85,8 @@ int dns_matching(struct __sk_buff *skb)
        u16 i = 0;
        struct dns_char_t *c;
        // This unroll worked not in latest BCC version.
-        for(u8 j = 0; i<255;i++){
-          if (cursor == sentinel) goto end; c = cursor_advance(cursor, 1); key.p[i++] = c->c;
+        for(i = 0; i<255;i++){
+          if (cursor == sentinel) goto end; c = cursor_advance(cursor, 1); key.p[i] = c->c;
        }
        end:
        {}

--- a/examples/networking/dns_matching/dns_matching.py
+++ b/examples/networking/dns_matching/dns_matching.py
@@ -11,8 +11,8 @@ import struct


 def encode_dns(name):
-  size = 32
-  if len(name) > 253:
+  size = 255
+  if len(name) > 255:
    raise Exception("DNS Name too long.")
  b = bytearray(size)
  i = 0;