tech-userlevel archive


Re: stack overflow in getaddrinfo(3) with a small-sized stack in pthreads

On Monday 29 Nov 2021, at 20:38, Robert Elz wrote:
>   | In addition, I just noticed that res_nquery(3) in
>   | libc/resolv/res_query.c uses a similar buffer but of size
>   | min(PACKETSZ, 1024). PACKETSZ seems to be 512 bytes only.
> That is as it should be.
> PR the huge stack array if you want, but not the different sizes.
> DNS queries (via UDP) are limited to max 512, as that is what the
> protocol always required, so can be handled by everything (or should be).
> Further, that's big enough for almost every query, in which the only
> large object is the domain name to lookup which is limited to 256 bytes.
> Replies however can be any size (allowed by UDP) as the query can inform
> the server what max size reply can be received.

OK. But then I don't see why the res_queryN() function in net/getaddrinfo.c
would need more than PACKETSZ bytes to send a query. It seems to me
(but I might be wrong) that the function is doing the same as
res_nquery() in resolv/res_query.c, and the answers are stored in the
input buffer passed in "target" as a parameter, not in the buffer on
the stack.

Am I missing something?

It seems to me that rev. 1.63 of net/getaddrinfo.c
correctly updated the buffer size for the function _dns_query, but as
an unwanted side effect also increased the res_queryN() that uses the
same MAXPACKET definition.
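
Added example, not part of the message above and not NetBSD libc code: a bounds-checked encoder for a one-question DNS query, showing that even a maximum-length name produces a query well under the 512-byte PACKETSZ discussed in the thread. The names `QUERY_BUFSZ`, `build_query` and `max_query_len` are hypothetical; the 63-byte label and 255-byte encoded-name limits are the RFC 1035 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define QUERY_BUFSZ 512 /* assumption: the 512-byte PACKETSZ quoted in the thread */

/* Encode a one-question query for `name` into buf (hypothetical helper).
 * Returns bytes written, or -1 if the name is malformed or does not fit. */
int build_query(const char *name, uint16_t id, uint16_t qtype,
                unsigned char *buf, size_t buflen)
{
    size_t off = 12;                           /* fixed DNS header size */
    if (buflen < off)
        return -1;
    memset(buf, 0, off);
    buf[0] = (unsigned char)(id >> 8);
    buf[1] = (unsigned char)(id & 0xff);
    buf[2] = 0x01;                             /* RD (recursion desired) */
    buf[5] = 1;                                /* QDCOUNT = 1 */
    for (const char *p = name; *p != '\0'; ) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (len == 0 || len > 63 || off + 1 + len > buflen)
            return -1;                         /* bad label or no room */
        buf[off++] = (unsigned char)len;       /* length-prefixed label */
        memcpy(buf + off, p, len);
        off += len;
        p += len;
        if (*p == '.')
            p++;
    }
    /* encoded name incl. root label must be <= 255; then QTYPE + QCLASS */
    if (off - 12 + 1 > 255 || off + 5 > buflen)
        return -1;
    buf[off++] = 0;                            /* root label */
    buf[off++] = (unsigned char)(qtype >> 8);
    buf[off++] = (unsigned char)(qtype & 0xff);
    buf[off++] = 0;
    buf[off++] = 1;                            /* class IN */
    return (int)off;
}

/* Constructed worst case: labels of 63+63+63+61 bytes (255 bytes encoded). */
int max_query_len(void)
{
    static const size_t labels[] = { 63, 63, 63, 61 };
    char name[254];
    unsigned char buf[QUERY_BUFSZ];
    size_t n = 0;
    for (size_t i = 0; i < 4; i++) {
        memset(name + n, 'a', labels[i]);
        n += labels[i];
        name[n++] = (i < 3) ? '.' : '\0';
    }
    return build_query(name, 0x1234, 1, buf, sizeof buf);
}
```

The worst case is 12 bytes of header, 255 bytes of name and 4 bytes of type and class; EDNS0 or other additional records, which this sketch does not emit, would add to that.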
