Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
From: David Rientjes
Date: Sat Jun 07 2014 - 17:43:09 EST
On Sat, 7 Jun 2014, Manuel SchÃlling wrote:
> dns_query() credulously assumes that keys are null-terminated and
> returns a copy of a memory block that is off by one.
No sign-off? Please read Documentation/SubmittingPatches.
> ---
> net/dns_resolver/dns_query.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> index e7b6d53..84871a2 100644
> --- a/net/dns_resolver/dns_query.c
> +++ b/net/dns_resolver/dns_query.c
> @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
> len = upayload->datalen;
>
> ret = -ENOMEM;
> - *_result = kmalloc(len + 1, GFP_KERNEL);
> + *_result = kzalloc(len + 1, GFP_KERNEL);
> if (!*_result)
> goto put;
>
> - memcpy(*_result, upayload->data, len + 1);
> + memcpy(*_result, upayload->data, len);
> if (_expiry)
> *_expiry = rkey->expiry;
>
kzalloc() would be unnecessary overhead (zeroing definitely comes with a
cost) if you're going to copy to the memory immediately afterwards. Just
leave the kmalloc(), do the memcpy() and explicitly zero terminate it
_result.