All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2] dnsproxy: fix signedness warnings
@ 2024-03-27 19:12 Brian Fukano
  0 siblings, 0 replies; only message in thread
From: Brian Fukano @ 2024-03-27 19:12 UTC (permalink / raw)
  To: bfukano, connman

This fixes the signdness warnings in dnsproxy.c
---
 src/dnsproxy.c | 50 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/src/dnsproxy.c b/src/dnsproxy.c
index d4242560..a25fde35 100644
--- a/src/dnsproxy.c
+++ b/src/dnsproxy.c
@@ -417,30 +417,30 @@ static void refresh_dns_entry(struct cache_entry *entry, char *name)
 		entry->hits = 0;
 }
 
-static size_t dns_name_length(const unsigned char *buf)
+static size_t dns_name_length(const unsigned char *buf, size_t len)
 {
 	if ((buf[0] & NS_CMPRSFLGS) == NS_CMPRSFLGS) /* compressed name */
 		return 2;
-	return strlen((const char *)buf) + 1;
+	return strnlen((const char *)buf, len) + 1;
 }
 
-static void update_cached_ttl(unsigned char *ptr, int len, int new_ttl)
+static void update_cached_ttl(unsigned char *ptr, size_t len, int new_ttl)
 {
 	size_t name_len;
 	const uint32_t raw_ttl = ntohl((uint32_t)new_ttl);
 
-	if (new_ttl < 0)
+	if (new_ttl < 0 || len < DNS_HEADER_SIZE + DNS_QUESTION_SIZE + 1)
 		return;
 
 	/* skip the header */
 	ptr += DNS_HEADER_SIZE;
 	len -= DNS_HEADER_SIZE;
 
-	if (len < DNS_QUESTION_SIZE + 1)
-		return;
-
 	/* skip the query, which is a name and a struct domain_question */
-	name_len = dns_name_length(ptr);
+	name_len = dns_name_length(ptr, len);
+
+	if (len < name_len + DNS_QUESTION_SIZE)
+		return;
 
 	ptr += name_len + DNS_QUESTION_SIZE;
 	len -= name_len + DNS_QUESTION_SIZE;
@@ -452,11 +452,12 @@ static void update_cached_ttl(unsigned char *ptr, int len, int new_ttl)
 		size_t rr_len;
 
 		/* first a name */
-		name_len = dns_name_length(ptr);
+		name_len = dns_name_length(ptr, len);
+		if (len < name_len)
+			break;
+
 		ptr += name_len;
 		len -= name_len;
-		if (len < 0)
-			break;
 
 		rr = (void*)ptr;
 		if (len < sizeof(*rr))
@@ -468,6 +469,9 @@ static void update_cached_ttl(unsigned char *ptr, int len, int new_ttl)
 
 		/* skip to the next record */
 		rr_len = sizeof(*rr) + ntohs(rr->rdlen);
+		if (len < rr_len)
+			break;
+
 		ptr += rr_len;
 		len -= rr_len;
 	}
@@ -507,8 +511,8 @@ static void send_cached_response(int sk, const unsigned char *ptr, size_t len,
 	/* if this is a negative reply, we are authoritative */
 	if (answers == 0)
 		hdr->aa = 1;
-	else {
-		const int adj_len = len - 2;
+	else if (len > 2){
+		const size_t adj_len = len - 2;
 		update_cached_ttl((unsigned char *)hdr, adj_len, ttl);
 	}
 
@@ -520,7 +524,9 @@ static void send_cached_response(int sk, const unsigned char *ptr, size_t len,
 		connman_error("Cannot send cached DNS response: %s",
 				strerror(errno));
 	}
-	else if (err != len || dns_len != (len - offset))
+
+	size_t bytes_sent = err;
+	if (bytes_sent != len || dns_len != (len - offset))
 		debug("Packet length mismatch, sent %d wanted %zd dns %zd",
 			err, len, dns_len);
 }
@@ -655,8 +661,8 @@ static int append_data(unsigned char *buf, size_t size, const char *data)
 	size_t len;
 
 	while (true) {
-		const char *dot = strchr(data, '.');
-		len = dot ? dot - data : strlen(data);
+		const char *dot = strchrnul(data, '.');
+		len = dot - data;
 
 		if (len == 0)
 			break;
@@ -1063,7 +1069,7 @@ static int parse_response(const unsigned char *buf, size_t buflen,
 	qlen = strlen(question);
 	ptr += qlen + 1; /* skip \0 */
 
-	if ((eptr - ptr) < DNS_QUESTION_SIZE)
+	if (ptr + DNS_QUESTION_SIZE >= eptr)
 		return -EINVAL;
 
 	q = (void *) ptr;
@@ -1398,7 +1404,7 @@ static int reply_query_type(const unsigned char *msg, int len)
 		return 0;
 
 	/* now the query, which is a name and 2 16 bit words for type and class */
-	c += dns_name_length(c);
+	c += dns_name_length(c, len);
 
 	type = c[0] << 8 | c[1];
 
@@ -2031,7 +2037,7 @@ static int dns_reply_fixup_domains(
 	const char *domain;
 
 	/* full header plus at least one byte for the hostname length */
-	if (reply_len < header_len + 1)
+	if (reply_len < header_len + 1U)
 		return -EINVAL;
 
 	section_counts[0] = hdr->ancount;
@@ -2510,6 +2516,7 @@ hangup:
 
 		if (!reply) {
 			uint16_t reply_len;
+			size_t bytes_len;
 
 			bytes_recv = recv(sk, &reply_len, sizeof(reply_len), MSG_PEEK);
 			if (!bytes_recv) {
@@ -2521,7 +2528,10 @@ hangup:
 				connman_error("DNS proxy error %s",
 						strerror(errno));
 				goto hangup;
-			} else if (bytes_recv < sizeof(reply_len))
+			}
+
+			bytes_len = bytes_recv;
+			if (bytes_len < sizeof(reply_len))
 				return TRUE;
 
 			/* the header contains the length of the message
-- 
2.34.1


^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2024-03-27 19:12 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-27 19:12 [PATCH v2] dnsproxy: fix signedness warnings Brian Fukano

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.