diff --git a/modules/pico_dns_client.c b/modules/pico_dns_client.c
index 77e7afcb..4a72575a 100644
--- a/modules/pico_dns_client.c
+++ b/modules/pico_dns_client.c
@@ -1,12 +1,12 @@ /********************************************************************* - * PicoTCP-NG + * PicoTCP-NG * Copyright (c) 2020 Daniele Lacamera * * This file also includes code from: * PicoTCP * Copyright (c) 2012-2017 Altran Intelligent Systems * Authors: Kristof Roelants - * + * * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only * * PicoTCP-NG is free software; you can redistribute it and/or modify
@@ -596,9 +596,6 @@ static void pico_dns_client_callback(uint16_t ev, struct pico_socket *s) } header = (struct pico_dns_header *)dns_response; - domain = (char *)header + sizeof(struct pico_dns_header); - qsuffix = (struct pico_dns_question_suffix *)pico_dns_client_seek(domain); - /* valid asuffix is determined dynamically later on */ if (pico_dns_client_check_header(header) < 0) return;
@@ -607,6 +604,11 @@ static void pico_dns_client_callback(uint16_t ev, struct pico_socket *s) if (!q) return; + // FIX: what if the query is not a PTR query? + domain = (char *)header + sizeof(struct pico_dns_header); + qsuffix = (struct pico_dns_question_suffix *)pico_dns_client_seek(domain); + /* valid asuffix is determined dynamically later on */ + if (pico_dns_client_check_qsuffix(qsuffix, q) < 0) return;
@@ -873,4 +875,3 @@ int pico_dns_client_init(struct pico_stack *S) #endif /* PICO_SUPPORT_DNS_CLIENT */ -
diff --git a/modules/pico_dns_common.c b/modules/pico_dns_common.c
index 15fb8ee2..be2d281e 100644
--- a/modules/pico_dns_common.c
+++ b/modules/pico_dns_common.c
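Review bot: In modules/pico_dns_client.c (hunk at -607/+604), the relocated `pico_dns_client_seek(domain)` call still starts at `header + sizeof(struct pico_dns_header)` with no visible comparison against the number of bytes actually received, so a truncated or unterminated question name may still be walked past the end of `dns_response`; the callback body begins and ends outside the hunk, so an earlier length check cannot be ruled out. Running the parse after `pico_dns_client_check_header()` and the query lookup is a sound ordering, but the seek should be given the received length and stop at it. The added `// FIX: what if the query is not a PTR query?` reads as an open question rather than a description of the code; resolve it or reword it as `/* TODO: confirm qsuffix handling for non-PTR queries */` so it is not mistaken for a completed fix.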
@@ -1,12 +1,12 @@ /********************************************************************* - * PicoTCP-NG + * PicoTCP-NG * Copyright (c) 2020 Daniele Lacamera * * This file also includes code from: * PicoTCP * Copyright (c) 2012-2017 Altran Intelligent Systems * Authors: Toon Stegen, Jelle De Vleeschouwer - * + * * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only * * PicoTCP-NG is free software; you can redistribute it and/or modify
@@ -120,9 +120,17 @@ pico_dns_decompress_name( char *name, pico_dns_packet *packet ) uint16_t decompressed_index = 0; char *label = NULL, *next = NULL; + if (!name || !packet) { + pico_err = PICO_ERR_EINVAL; + return NULL; + } + /* Reading labels until reaching to pointer or NULL terminator. * Only one pointer is allowed in DNS compression, the pointer is always the last according to the RFC */ dns_name_foreach_label_safe(label, name, next, PICO_DNS_NAMEBUF_SIZE) { + if (!lable || (*lable & 0xFF) >= PICO_DNS_NAMEBUF_SIZE) { + return NULL; + } uint8_t label_size = (uint8_t)(*label+1); if (decompressed_index + label_size >= PICO_DNS_NAMEBUF_SIZE) {
@@ -140,6 +148,12 @@ pico_dns_decompress_name( char *name, pico_dns_packet *packet ) /* Found compression bits */ ptr = (uint16_t)((((uint16_t) *label) & 0x003F) << 8); ptr = (uint16_t)(ptr | (uint16_t) *(label + 1)); + + /* Check if the pointer is within the packet */ + if (ptr >= packet->len) { + return NULL; + } + label = (char *)((uint8_t *)packet + ptr); dns_name_foreach_label_safe(label, label, next, PICO_DNS_NAMEBUF_SIZE-decompressed_index) {
diff --git a/modules/pico_dns_sd.c b/modules/pico_dns_sd.c
index a5a2a7f9..b2c31b46 100644
--- a/modules/pico_dns_sd.c
+++ b/modules/pico_dns_sd.c
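Review bot: In modules/pico_dns_common.c (hunk at -120/+120), the guard added inside the label loop is spelled `lable`, while the only declaration visible in the hunk is `char *label`, so this will not compile as written; it should read `if (!label || (*label & 0xFF) >= PICO_DNS_NAMEBUF_SIZE) {`. Even with the name fixed, the test compares a single length byte with PICO_DNS_NAMEBUF_SIZE, whose value is not shown here; if that constant is 256 or more the comparison can never be true, so a comment should state which input the guard is meant to reject. The function body starts and ends outside the hunk.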
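Review bot: In modules/pico_dns_common.c (hunk at -140/+148), the new `if (ptr >= packet->len)` check relies on a `len` member of `pico_dns_packet` that nothing on this page declares, and the function receives only `name` and `packet`, so it is unclear where the received size comes from; please confirm the type carries it, otherwise the caller has to pass the length in. The check also bounds only the first byte at the pointer target: the label walk that follows is limited by `PICO_DNS_NAMEBUF_SIZE-decompressed_index`, not by the packet size, so a target near the end of the packet can presumably still be read past. A lower bound such as `ptr < sizeof(struct pico_dns_header)` would additionally reject pointers into the header. The function body starts and ends outside the hunk.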
@@ -1,12 +1,12 @@ /********************************************************************* - * PicoTCP-NG + * PicoTCP-NG * Copyright (c) 2020 Daniele Lacamera * * This file also includes code from: * PicoTCP * Copyright (c) 2012-2017 Altran Intelligent Systems * Authors: Jelle De Vleeschouwer - * + * * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only * * PicoTCP-NG is free software; you can redistribute it and/or modify
@@ -73,9 +73,26 @@ pico_dns_sd_kv_vector_strlen( kv_vector *vector ) /* Iterate over the key-value pairs */ for (i = 0; i < vector->count; i++) { iterator = pico_dns_sd_kv_vector_get(vector, i); + + if (!iterator || iterator->key){ + pico_err = PICO_ERR_EINVAL; + return 0; + } + + if (len + 1u + strlen(iterator->key) > PICO_DNS_SD_KV_MAXLEN) { + pico_err = PICO_ERR_EINVAL; + return 0; + } + len = (uint16_t) (len + 1u + /* Length byte */ strlen(iterator->key) /* Length of the key */); + if (iterator->value) { + if (len + 1u + strlen(iterator->value) > PICO_DNS_SD_KV_MAXLEN) { + pico_err = PICO_ERR_EINVAL; + return 0; + } + len = (uint16_t) (len + 1u /* '=' char */ + strlen(iterator->value) /* Length of value */); }
diff --git a/modules/pico_dns_sd.h b/modules/pico_dns_sd.h
index d0b1a961..cd4da6f6 100644
--- a/modules/pico_dns_sd.h
+++ b/modules/pico_dns_sd.h
@@ -1,11 +1,11 @@ /********************************************************************* - * PicoTCP-NG + * PicoTCP-NG * Copyright (c) 2020 Daniele Lacamera * * This file also includes code from: * PicoTCP * Copyright (c) 2012-2017 Altran Intelligent Systems - * + * * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only * * PicoTCP-NG is free software; you can redistribute it and/or modify
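Review bot: In modules/pico_dns_sd.c (hunk at -73/+73), the null check on the key is inverted: `if (!iterator || iterator->key){` returns 0 for every entry that has a key and lets an entry with a NULL key fall through to `strlen(iterator->key)`. It should be `if (!iterator || !iterator->key) {`. Separately, returning 0 with `pico_err` set makes an error indistinguishable from an empty vector unless callers inspect `pico_err`, which deserves a line in the function's header comment. The loop and the function continue outside the hunk.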
@@ -44,6 +44,11 @@ typedef struct #define PICO_DNS_SD_KV_VECTOR_DECLARE(name) \ kv_vector (name) = {0} +/* **************************************************************************** + * Maximum length of a key-value pair. + * ****************************************************************************/ +#define PICO_DNS_SD_KV_MAXLEN (0xFFFFu) + /* **************************************************************************** * Just calls pico_mdns_init in it's turn to initialise the mDNS-module. * See pico_mdns.h for description.
@@ -108,4 +113,3 @@ pico_dns_sd_kv_vector_add( kv_vector *vector, char *key, char *value ); #endif /* _INCLUDE_PICO_DNS_SD */ -
diff --git a/modules/pico_mdns.c b/modules/pico_mdns.c
index fa98b851..fb8ca2db 100644
--- a/modules/pico_mdns.c
+++ b/modules/pico_mdns.c
@@ -1,12 +1,12 @@ /********************************************************************* - * PicoTCP-NG + * PicoTCP-NG * Copyright (c) 2020 Daniele Lacamera * * This file also includes code from: * PicoTCP * Copyright (c) 2012-2017 Altran Intelligent Systems * Authors: Toon Stegen, Jelle De Vleeschouwer - * + * * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only * * PicoTCP-NG is free software; you can redistribute it and/or modify
@@ -26,6 +26,7 @@ * *********************************************************************/ #include "pico_config.h" +#include "pico_dns_common.h" #include "pico_stack.h" #include "pico_addressing.h" #include "pico_socket.h"
@@ -934,7 +935,7 @@ pico_mdns_record_delete( void **record ) * Creates a single standalone mDNS resource record with given name, type and * data. * - * @param S TCP/IP stack reference + * @param S TCP/IP stack reference * @param url DNS rrecord name in URL format. Will be converted to DNS * name notation format. * @param _rdata Memory buffer with data to insert in the resource record. If
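Review bot: In modules/pico_dns_sd.h (hunk at -44/+44), the comment on `PICO_DNS_SD_KV_MAXLEN` says "Maximum length of a key-value pair", but the only use on this page, in pico_dns_sd_kv_vector_strlen(), compares it with the running total over all pairs in the vector. I would reword it along the lines of `Maximum total length of a key-value vector in string form (must fit the uint16_t length)`. If a per-pair limit is also intended, note that the .c hunk accounts for a single length byte per pair, which 0xFFFF does not express.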
@@ -1040,7 +1041,7 @@ pico_mdns_cookie_delete( void **ptr ) /* **************************************************************************** * Creates a single standalone mDNS cookie * - * @param S TCP/IP stack reference + * @param S TCP/IP stack reference * @param qtree DNS questions you want to insert in the cookie. * @param antree mDNS answers/authority records you want to add to cookie. * @param artree mDNS additional records you want to add to cookie.
@@ -1050,7 +1051,7 @@ pico_mdns_cookie_delete( void **ptr ) * @return Pointer to newly create cookie, NULL on failure. * ****************************************************************************/ static struct pico_mdns_cookie * -pico_mdns_cookie_create( struct pico_stack *S, +pico_mdns_cookie_create( struct pico_stack *S, pico_dns_qtree qtree, pico_mdns_rtree antree, pico_mdns_rtree artree,
@@ -1466,7 +1467,7 @@ pico_mdns_my_records_probed( pico_mdns_rtree *records ) PICO_FREE(record->stack->mdns_hostname); } /* Re-allocate hostname from given rname */ - record->stack->mdns_hostname = + record->stack->mdns_hostname = pico_dns_qname_to_url(found->record->rname); }
@@ -2190,6 +2191,12 @@ pico_mdns_handle_data_as_answers_generic(struct pico_stack *S, return -1; } + // check that the number of answare/response corrispond to the number of questions + if (count != pico_tree_count(&S->MDNSOwnRecords)) { + mdns_dbg("Number of answers does not match the number of questions\n"); + return -1; + } + /* TODO: When receiving multiple authoritative answers, */ /* they should be sorted in lexicographical order */ /* (just like in pico_mdns_record_am_i_lexi_later) */
@@ -3000,7 +3007,7 @@ pico_mdns_getrecord_generic(struct pico_stack *S, const char *url, uint16_t typ } /* Associate the current TCP/IP stack reference to access relevant - * fields/trees + * fields/trees */ q->stack = S;
diff --git a/modules/pico_mdns.h b/modules/pico_mdns.h
index dbf78049..eea1a1c1 100644
--- a/modules/pico_mdns.h
+++ b/modules/pico_mdns.h
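Review bot: In modules/pico_mdns.c (hunk at -2190/+2191), the added check compares `count` with `pico_tree_count(&S->MDNSOwnRecords)`, which by its name is the number of this host's own records rather than the number of questions the comment and debug message refer to. If that reading is right, any response whose answer count differs from the local record count is dropped with -1, which would discard legitimate mDNS traffic while doing nothing to bound the parse against the packet length. Either compare against the value the comment describes or drop the check, and fix the comment wording (`answare`, `corrispond`), e.g. `/* Reject if the answer count does not match the number of outstanding questions */`. The function continues outside the hunk.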
@@ -1,11 +1,11 @@ /* **************************************************************************** - * PicoTCP-NG + * PicoTCP-NG * Copyright (c) 2020 Daniele Lacamera * * This file also includes code from: * PicoTCP * Copyright (c) 2012-2017 Altran Intelligent Systems - * + * * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only * * PicoTCP-NG is free software; you can redistribute it and/or modify