Skip to content

net: dns: dispatcher: fix OOB array access #89827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kartben merged 1 commit into from
May 14, 2025
Merged

net: dns: dispatcher: fix OOB array access #89827

kartben merged 1 commit into from
May 14, 2025

Conversation

@JordanYates
Copy link
Contributor

@JordanYates JordanYates commented May 12, 2025

Validate that the file descriptor is not a negative number before writing to the dispatch_table ctx field. Setting file descriptors to -1 is the standard "not in use" value, and in fact the entire array of fds is set to this value in dns_resolve_init_locked. This resolves memory corruption of whichever variable is unfortunate to exist just before dispatch_table in memory.

@JordanYates
net: dns: dispatcher: fix OOB array access
3c813cb 
Validate that the file descriptor is not a negative number before
writing to the `dispatch_table` `ctx` field. Setting file descriptors
to `-1` is the standard "not in use" value, and in fact the entire array
of `fds` is set to this value in `dns_resolve_init_locked`. This
resolves memory corruption of whichever variable is unfortunate to exist
just before `dispatch_table` in memory.

Signed-off-by: Jordan Yates <jordan@embeint.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented May 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@kartben kartben merged commit 0f1d7d3 into zephyrproject-rtos:main May 14, 2025
31 checks passed
@github-actions github-actions bot mentioned this pull request May 14, 2025
Merged
@JordanYates JordanYates deleted the 250512_dns_oob_access branch May 14, 2025 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pdgendt pdgendt pdgendt approved these changes

@rlubos rlubos rlubos approved these changes

@jukkar jukkar Awaiting requested review from jukkar

@ssharks ssharks Awaiting requested review from ssharks

@tbursztyka tbursztyka Awaiting requested review from tbursztyka

Assignees

@jukkar jukkar

@rlubos rlubos

Labels

area: Networking

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@JordanYates @pdgendt @rlubos @kartben @jukkar