
Commit f8d9a43

committed
address: fix buffer overflow
Update tests to work on Debian 11.
1 parent 822bb80 commit f8d9a43


10 files changed

+37
-6
lines changed


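--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2023-03-16 Dustin Lundquist <dustin@null-ptr.net>
+0.6.1 Release
+
+* Fix buffer overflow in address module
+* Fix tests
+
 2018-12-05 Dustin Lundquist <dustin@null-ptr.net>
 0.6.0 Release
 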

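--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.60])
-AC_INIT([sniproxy], [0.6.0])
+AC_INIT([sniproxy], [0.6.1])
 AC_CONFIG_SRCDIR([src/sniproxy.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([subdir-objects])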

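--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+sniproxy (0.6.1) unstable; urgency=high
+
+* Fix buffer overflow in address module
+* Fix tests
+
+-- Dustin Lundquist <dustin@null-ptr.net> Thu, 16 Mar 2023 21:53:48 -0700
+
 sniproxy (0.6.0) unstable; urgency=medium
 
 * PROXY v1 protocol support
@@ -10,7 +17,7 @@ sniproxy (0.6.0) unstable; urgency=medium
 sniproxy (0.5.0) unstable; urgency=medium
 
 * Transparent proxy support
-* Use accept4() on Linix
+* Use accept4() on Linux
 * Run as group specified in config
 
 -- Dustin Lundquist <dustin@null-ptr.net> Wed, 26 Apr 2017 07:17:13 -0700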

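--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-8
+10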

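--- a/redhat/sniproxy.spec
+++ b/redhat/sniproxy.spec
@@ -1,5 +1,5 @@
 Name: sniproxy
-Version: 0.6.0
+Version: 0.6.1
 Release: 1%{?dist}
 Summary: Transparent TLS and HTTP layer 4 proxy with SNI support
 
@@ -46,6 +46,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Mar 16 2023 Dustin Lundquist <dustin@null-ptr.net 0.6.1-1
+- Fix buffer overflow in address module
+- Fix tests
+
 * Wed Dec 5 2018 Dustin Lundquist <dustin@null-ptr.net> 0.6.0-1
 - PROXY v1 protocol support
 - SO_REUSEPORT support on Linux 3.9 and later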

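--- a/setver.sh
+++ b/setver.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-VERSION=0.6.0
+VERSION=0.6.1
 
 SOURCE_DIR=$(dirname $0)
 GIT_DIR=${SOURCE_DIR}/.git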

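--- a/src/address.c
+++ b/src/address.c
@@ -148,6 +148,8 @@ new_address(const char *hostname_or_ip) {
 if (hostname_or_ip[0] == '[' &&
 (port = strchr(hostname_or_ip, ']')) != NULL) {
 len = (size_t)(port - hostname_or_ip - 1);
+if (len >= INET6_ADDRSTRLEN)
+return NULL;
 
 /* inet_pton() will not parse the IP correctly unless it is in a
 * separate string.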
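Review bot: The new guard `if (len >= INET6_ADDRSTRLEN)` bounds the bracketed literal by a protocol constant rather than by the size of the buffer it is copied into; that buffer and the copy itself are outside the hunk, so the match between the two cannot be confirmed from here. Comparing against the destination's own size, `if (len >= sizeof(<destination buffer>)) return NULL;` (placeholder name), would keep the check correct if the buffer is ever resized. A one-line comment above it such as `/* reject over-long bracketed literals before the copy below */` would record why NULL is returned. new_address continues outside the hunk, and any other copy there whose length is derived from the input deserves the same audit.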

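--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,6 +1,8 @@
 AM_CPPFLAGS = -I$(top_srcdir)/src -g $(LIBEV_CFLAGS) $(LIBPCRE_CFLAGS) $(LIBUDNS_CFLAGS)
 AM_CFLAGS = -fno-strict-aliasing -Wall -Wextra -Wpedantic -Wwrite-strings
 
+.NOTPARALLEL:
+
 TESTS = address_test \
 buffer_test \
 cfg_tokenizer_test \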
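Review bot: `.NOTPARALLEL:` is added without a comment, and it serializes every target in this directory, not only the test runs. If the reason is that the test scripts interfere with each other when run concurrently (not visible in this hunk), a line such as `# tests must not run concurrently: <reason>` above it would keep the directive from being removed later as a leftover.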

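--- a/tests/bad_dns_request_test
+++ b/tests/bad_dns_request_test
@@ -35,6 +35,11 @@ my $bad_requests = [
 request => "GET / HTTP/1.1\r\nHost: \0example.com\r\n\r\n",
 client => \&http_client,
 },
+{
+# Exceed hostname buffer size
+request => "GET / HTTP/1.1\r\nHost: [" . 'long.' x 60 . "example.com]\r\n\r\n",
+client => \&http_client,
+},
 {
 # Test client aborting connection before DNS response received
 request => "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",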
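Review bot: The added case puts 311 bytes between the brackets, far past the new limit, so it would still pass if the check in src/address.c were off by one. Neighbouring cases at the boundary, e.g. `'a' x 45` and `'a' x 46` inside the brackets (46 being the usual value of INET6_ADDRSTRLEN), would pin the `>=` comparison. What the harness asserts for each entry is outside the hunk; a direct case in address_test expecting new_address() to return NULL for an over-long bracketed literal would cover the parser without needing a running proxy.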

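--- a/tests/slow_client_test
+++ b/tests/slow_client_test
@@ -31,11 +31,16 @@ sub slow_client($$) {
 my $socket = IO::Socket::INET->new(PeerAddr => '127.0.0.1',
 PeerPort => $port,
 Proto => "tcp",
-Type => SOCK_STREAM)
+Type => SOCK_STREAM,
+Timeout => 5)
 or die "couldn't connect $!";
 
 $socket->send($request);
 foreach (split("\r\n", $request)) {
+unless ($socket->connected()) {
+print "Disconnected\n";
+exit(0);
+}
 $socket->send("$_\r\n");
 sleep(1);
 }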
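Review bot: The added `unless ($socket->connected())` block ends the client with `exit(0)`, so a proxy that drops or crashes the connection mid-request is reported as success by this process; whether the parent checks the proxy separately is outside the hunk. `connected()` only reports whether a peer address is still available, and the result of `$socket->send("$_\r\n")` on the following line stays unchecked, so a close between the check and the write can still raise SIGPIPE. Checking the write itself, `defined $socket->send("$_\r\n") or last;` under `local $SIG{PIPE} = 'IGNORE';`, and exiting non-zero unless an early close is the expected outcome, would be more robust. slow_client's body starts and ends outside the hunk.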
