Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MDNS is not safe against malformed or short packets #45

Open
matthewgream opened this issue Oct 22, 2024 · 0 comments
Open

MDNS is not safe against malformed or short packets #45

matthewgream opened this issue Oct 22, 2024 · 0 comments
Labels
topic: code Related to content of the project itself type: imperfection Perceived defect in any part of project

Comments

@matthewgream
Copy link

matthewgream commented Oct 22, 2024
edited by per1234
Loading

The buffer is allocated according to the size of the packet:

ArduinoMDNS/MDNS.cpp

Line 532 in 00ed2b6

udpBuffer = (uint8_t*) my_malloc(udp_len); //allocate memory to hold _remaining UDP packet

  • but buffer is accessed based upon apparently number of queries in the packet header
  • and butter is accessed and offsets are increased without ensuring that end of buffer is not overrun
  • therefore, trivial ability to denial of service ArduinoMDNS devices with malformed UDP packets causing illegal instruction accesses
@per1234 per1234 added type: imperfection Perceived defect in any part of project topic: code Related to content of the project itself labels Oct 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: code Related to content of the project itself type: imperfection Perceived defect in any part of project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@per1234 @matthewgream