On 01/07/2021 03:06, Xingcong Li wrote:
> Hello, Is there a typo in function build_server_array()? (in file
> domain-match.c)
>
>   for (serv = daemon->servers; serv; serv = serv->next, count++)
> #ifdef HAVE_LOOP
>     if (!(serv->flags & SERV_LOOP))
> #endif
>       {
>         daemon->serverarray[count] = serv;
>         serv->serial = count;
>         serv->last_server = -1;
>       }
>
> I think the variable count should not increase every time, it should
> increase when server has no SERV_LOOP flag. (see below)
>
>   for (serv = daemon->servers; serv; serv = serv->next)
> #ifdef HAVE_LOOP
>     if (!(serv->flags & SERV_LOOP))
> #endif
>       {
>         daemon->serverarray[count] = serv;
>         serv->serial = count;
>         serv->last_server = -1;
>         count++;
>       }
>
> Considering that there are more than 10 servers which have SERV_LOOP,
> read memory of daemon->serverarray[count] could be out of array bound.
>
>   if (count > daemon->serverarrayhwm)
>     {
>       struct server **new;
>       count += 10; /* A few extra without re-allocating. */
>       if ((new = whine_malloc(count * sizeof(struct server *))))
>
>       ...
>     }
>
> Correct me if I'm wrong.
>
You are not wrong. Patch applied, many thanks for spotting this.

Cheers,

Simon.
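
Added example, not part of the original thread and not dnsmasq's code: a small C model of the two fill loops quoted above that computes the highest array index each one would store to, without touching memory out of bounds. The SERV_LOOP value, SLACK, the helper names and the assumption that the array is sized as the number of non-SERV_LOOP servers plus 10 are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define SERV_LOOP 1   /* constructed flag value for this model */
#define SLACK 10      /* the "few extra" slots from the quoted allocation */

struct server { int flags; struct server *next; };

/* Slots allocated: usable (non-loop) servers plus the slack.
   Assumption: the array is sized from a count that skips SERV_LOOP servers. */
static size_t capacity_for(const struct server *list) {
  size_t n = 0;
  for (const struct server *s = list; s; s = s->next)
    if (!(s->flags & SERV_LOOP))
      n++;
  return n + SLACK;
}

/* Highest index the fill loop would store to, or -1 if it stores nothing.
   buggy != 0: count advances for every server; buggy == 0: only on a store. */
static long highest_index(const struct server *list, int buggy) {
  long count = 0, highest = -1;
  for (const struct server *s = list; s; s = s->next) {
    if (!(s->flags & SERV_LOOP)) {
      highest = count;        /* stands in for serverarray[count] = serv */
      if (!buggy) count++;
    }
    if (buggy) count++;
  }
  return highest;
}

/* Constructed list: n_loop servers flagged SERV_LOOP, then n_ok usable ones. */
static struct server pool[64];
static struct server *make_list(size_t n_loop, size_t n_ok) {
  size_t total = n_loop + n_ok;
  for (size_t i = 0; i < total; i++) {
    pool[i].flags = i < n_loop ? SERV_LOOP : 0;
    pool[i].next = i + 1 < total ? &pool[i + 1] : NULL;
  }
  return total ? pool : NULL;
}

int main(void) {
  struct server *l = make_list(11, 3);   /* 11 looped servers, 3 usable */
  printf("capacity=%zu buggy=%ld fixed=%ld\n",
         capacity_for(l), highest_index(l, 1), highest_index(l, 0));
  return 0;
}
```

An index is in bounds only when it is strictly less than the capacity; with 10 or fewer SERV_LOOP servers the slack hides the miscount, which is why the threshold named in the report is "more than 10".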