author | David Gibson <david@gibson.dropbear.id.au> | 2024-08-21 14:20:03 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-08-21 12:00:02 +0200 |
commit | 1d10760c9f9bdede3b9a8a13a739fd5915aa2b19 (patch) | |
tree | fb6d3f671a5e352b6d6afc40431d19fa01138328 | |
parent | 6852bd07ccd7d155e018b8a80153bc153f7b00cc (diff) | |
conf: Move DNS array bounds checks into add_dns[46]
Every time we call add_dns[46] we need to first check if there's space in
the c->ip[46].dns array for the new entry. We might as well make that
check in add_dns[46]() itself.
In fact it looks like the calls in get_dns() had an off by one error, not
allowing the last entry of the array to be filled. So, that bug is also
fixed by the change.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | conf.c | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -363,6 +363,9 @@ static unsigned add_dns4(struct ctx *c, const struct in_addr *addr,
 {
 unsigned added = 0;
+ if (idx >= ARRAY_SIZE(c->ip4.dns))
+ return 0;
+
 /* Guest or container can only access local addresses via redirect */
 if (IN4_IS_ADDR_LOOPBACK(addr)) {
 if (!c->no_map_gw) {
@@ -395,6 +398,9 @@ static unsigned add_dns6(struct ctx *c, struct in6_addr *addr, unsigned idx)
 {
 unsigned added = 0;
+ if (idx >= ARRAY_SIZE(c->ip6.dns))
+ return 0;
+
 /* Guest or container can only access local addresses via redirect */
 if (IN6_IS_ADDR_LOOPBACK(addr)) {
 if (!c->no_map_gw) {
@@ -453,12 +459,10 @@ static void get_dns(struct ctx *c)
 if (end) *end = 0;
- if (!dns4_set && dns4_idx < ARRAY_SIZE(c->ip4.dns) - 1
- && inet_pton(AF_INET, p + 1, &dns4_tmp))
+ if (!dns4_set && inet_pton(AF_INET, p + 1, &dns4_tmp))
 dns4_idx += add_dns4(c, &dns4_tmp, dns4_idx);
- if (!dns6_set && dns6_idx < ARRAY_SIZE(c->ip6.dns) - 1
- && inet_pton(AF_INET6, p + 1, &dns6_tmp))
+ if (!dns6_set && inet_pton(AF_INET6, p + 1, &dns6_tmp))
 dns6_idx += add_dns6(c, &dns6_tmp, dns6_idx);
 } else if (!dnss_set && strstr(line, "search ") == line && s == c->dns_search) {
@@ -1682,14 +1686,12 @@ void conf(struct ctx *c, int argc, char **argv)
 c->no_dns = 0;
- if (dns4_idx < ARRAY_SIZE(c->ip4.dns) &&
- inet_pton(AF_INET, optarg, &dns4_tmp)) {
+ if (inet_pton(AF_INET, optarg, &dns4_tmp)) {
 dns4_idx += add_dns4(c, &dns4_tmp, dns4_idx);
 continue;
 }
- if (dns6_idx < ARRAY_SIZE(c->ip6.dns) &&
- inet_pton(AF_INET6, optarg, &dns6_tmp)) {
+ if (inet_pton(AF_INET6, optarg, &dns6_tmp)) {
 dns6_idx += add_dns6(c, &dns6_tmp, dns6_idx);
 continue;
 }
 |
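Review bot: The new guard in add_dns4(), `if (idx >= ARRAY_SIZE(c->ip4.dns))`, allows the final slot of the array to be written on every path, including the get_dns() path where the removed `- 1` test used to keep it free; add_dns6() has the same guard for c->ip6.dns. Whether that is safe depends on how readers find the end of these arrays, which this page does not show: if any reader walks the array until it meets an unspecified address instead of using a count, a completely filled array has no terminator and that walk would read past the end. If that is how the arrays are consumed, the guard should keep the last entry free, `if (idx >= ARRAY_SIZE(c->ip4.dns) - 1)` and the ip6 equivalent; either way a short comment at the guard stating whether the last entry is reserved would settle the question for the next reader. Both function bodies continue outside their hunks.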
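Review bot: In the conf() hunk, a DNS address given on the command line after the array is full is now accepted and dropped without any diagnostic: inet_pton() succeeds, add_dns4() returns 0 from its new guard, and `continue` skips whatever handling follows these two blocks (that code is outside the hunk). Before the change a full array made the condition false, so control fell through to that later code instead. Because the guard's 0 cannot be told apart from other cases where nothing is added, the caller cannot detect this from the return value alone. Consider testing `dns4_idx >= ARRAY_SIZE(c->ip4.dns)` inside the AF_INET block (and `dns6_idx` in the AF_INET6 block) and reporting an error there, so that a resolver the user asked for is never ignored silently.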