[Dnsmasq-discuss] Maybe there is a typo in build_server_array()

Xingcong Li lixingcong512 at gmail.com
Thu Jul 1 02:06:58 UTC 2021


Hello, is there a typo in the function build_server_array() (in file
domain-match.c)?

  for (serv = daemon->servers; serv; serv = serv->next, count++)
#ifdef HAVE_LOOP
    if (!(serv->flags & SERV_LOOP))
#endif
      {
        daemon->serverarray[count] = serv;
        serv->serial = count;
        serv->last_server = -1;
      }

I think the variable count should not increase every time; it should
increase when the server has no SERV_LOOP flag (see below).

  for (serv = daemon->servers; serv; serv = serv->next)
#ifdef HAVE_LOOP
    if (!(serv->flags & SERV_LOOP))
#endif
      {
        daemon->serverarray[count] = serv;
        serv->serial = count;
        serv->last_server = -1;
        count++;
      }

Considering that there are more than 10 servers which have SERV_LOOP, reading
memory of daemon->serverarray[count] could be out of the array bounds.

  if (count > daemon->serverarrayhwm)
    {
      struct server **new;
      count += 10; /* A few extra without re-allocating. */
      if ((new = whine_malloc(count * sizeof(struct server *))))

      ...
    }

Correct me if I'm wrong.

Regards,
Xingcong Li
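
Added example (not part of the original message and not dnsmasq source): a small C model of the index arithmetic described above, which computes the highest slot each fill loop would store to without touching memory out of bounds. It assumes the array is sized from the number of servers without SERV_LOOP plus the 10 spare slots; the struct, the flag value and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define SERV_LOOP 1u /* constructed flag value, not dnsmasq's */

struct server { unsigned flags; struct server *next; };

/* Assumed sizing pass: count servers without SERV_LOOP, add 10 spare slots. */
static long capacity(const struct server *list)
{
  long n = 0;
  for (; list; list = list->next)
    if (!(list->flags & SERV_LOOP))
      n++;
  return n + 10;
}

/* Highest index stored to (-1 if none); every_node=1 is the quoted loop, 0 the fix. */
static long highest_index(const struct server *list, int every_node)
{
  long count = 0, highest = -1;
  for (; list; list = list->next)
    {
      int stored = !(list->flags & SERV_LOOP);
      if (stored)
        highest = count;
      if (every_node || stored)
        count++;
    }
  return highest;
}

/* Constructed list: n_loop SERV_LOOP servers followed by n_ok ordinary ones. */
static int fill_in_bounds(size_t n_loop, size_t n_ok, int every_node)
{
  struct server pool[64];
  size_t i, total = n_loop + n_ok;
  if (total == 0 || total > 64) return -1;
  for (i = 0; i < total; i++)
    {
      pool[i].flags = i < n_loop ? SERV_LOOP : 0;
      pool[i].next = i + 1 < total ? &pool[i + 1] : NULL;
    }
  return highest_index(pool, every_node) < capacity(pool);
}

int main(void)
{
  printf("%d %d %d\n", fill_in_bounds(10, 3, 1), fill_in_bounds(11, 3, 1), fill_in_bounds(11, 3, 0));
  return 0;
}
```

With the SERV_LOOP servers at the head of the list, the loop that counts every node stays inside the array for 10 skipped servers and steps past it at 11; the loop that counts only stored servers stays inside in both cases.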