tech-userlevel archive


Re: stack overflow in getaddrinfo(3) with a small-sized stack in pthreads



On Monday 29 Nov 2021, at 20:38, Robert Elz wrote:
>   | In addition, I just noticed that res_nquery(3) in
>   | libc/resolv/res_query.c uses a similar buffer but of size
>   | min(PACKETSZ, 1024). PACKETSZ seems to be 512 bytes only.
>
> That is as it should be.
> PR the huge stack array if you want, but not the different sizes.
>
> DNS queries (via UDP) are limited to max 512, as that is what the
> protocol always required, so can be handled by everything (or should be).
> Further, that's big enough for almost every query, in which the only
> large object is the domain name to lookup which is limited to 256 bytes.
>
> Replies however can be any size (allowed by UDP) as the query can inform
> the server what max size reply can be received.

OK. But then I don't see why the res_queryN() function in net/getaddrinfo.c
( https://anonhg.netbsd.org/src/file/tip/lib/libc/net/getaddrinfo.c#l2550 )
would need more than PACKETSZ bytes to send a query. It seems to me
(but I might be wrong) that the function is doing the same as
res_nquery() in resolv/res_query.c, and the answers are stored in the
input buffer passed in "target" as a parameter, not in the buffer on
the stack.

Am I missing something?

It seems to me that rev. 1.63 of net/getaddrinfo.c
( http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/net/getaddrinfo.c.diff?r1=1.62&r2=1.63 )
correctly updated the buffer size for the function _dns_query, but as
an unwanted side effect also increased the res_queryN() that uses the
same MAXPACKET definition.
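To make the query-size point concrete, here is an added example (not NetBSD's code and not libc's res_mkquery) that encodes a single-question query, optionally with an EDNS0 OPT record advertising the reply size the client can take, into a PACKETSZ buffer with bounds checks. The names build_query, max_query_len and the constants are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PACKETSZ   512   /* classic UDP DNS message size limit */
#define MAXDNAME   255   /* maximum wire length of a domain name */
#define DNS_HDRLEN 12
#define OPT_RRLEN  11    /* EDNS0 OPT pseudo-RR with empty RDATA */

/* Encode one query into buf.  Returns the query length, or -1 if the name
 * is invalid or the message would not fit in buflen.  If edns_udpsize is
 * non-zero, an OPT RR advertising that reply size is appended.
 * Hypothetical helper written for this example, not libc's res_mkquery. */
static int build_query(const char *name, uint16_t id, uint16_t qtype,
                       uint16_t edns_udpsize, unsigned char *buf, size_t buflen)
{
    size_t off = DNS_HDRLEN, tail = 4 + (edns_udpsize ? OPT_RRLEN : 0);
    const char *p = name;

    if (buflen < DNS_HDRLEN || *p == '\0') return -1;
    memset(buf, 0, DNS_HDRLEN);
    buf[0] = id >> 8; buf[1] = id & 0xff;
    buf[2] = 0x01;                       /* RD: recursion desired */
    buf[5] = 1;                          /* QDCOUNT = 1 */
    buf[11] = edns_udpsize ? 1 : 0;      /* ARCOUNT = 1 when OPT present */

    while (*p) {                         /* one length-prefixed label per loop */
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (len == 0 || len > 63 || off + 1 + len + 1 + tail > buflen) return -1;
        buf[off++] = (unsigned char)len;
        memcpy(buf + off, p, len); off += len;
        if (!dot) break;
        p = dot + 1;
    }
    buf[off++] = 0;                      /* root label terminates the name */
    if (off - DNS_HDRLEN > MAXDNAME) return -1;
    buf[off++] = qtype >> 8; buf[off++] = qtype & 0xff;
    buf[off++] = 0; buf[off++] = 1;      /* QCLASS = IN */
    if (edns_udpsize) {                  /* OPT RR: name 0, type 41, class = size */
        buf[off++] = 0; buf[off++] = 0; buf[off++] = 41;
        buf[off++] = edns_udpsize >> 8; buf[off++] = edns_udpsize & 0xff;
        memset(buf + off, 0, 6); off += 6;   /* TTL (4 bytes) + RDLEN (2) = 0 */
    }
    return (int)off;
}

/* Largest single-question query: header + longest name + qtype/qclass + OPT. */
static size_t max_query_len(void) { return DNS_HDRLEN + MAXDNAME + 4 + OPT_RRLEN; }
```

Since max_query_len() is 282 bytes, a PACKETSZ-sized buffer holds any legal single-question query; it is the reply, not the query, that can exceed 512 bytes.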

