<div dir="ltr"><div>Hello,</div><br><div>In this part of the code in translate_dnssearch:</div><div><br></div><div><pre class="gmail-code gmail-highlight" lang="c"><span id="gmail-LC263" class="gmail-line" lang="c">    for (i = 0; i &lt; num_domains; i++) {</span>
<span id="gmail-LC264" class="gmail-line" lang="c">        domains[i].labels = outptr;</span>
<span id="gmail-LC265" class="gmail-line" lang="c">        domain_mklabels(domains + i, names[i]);</span>
<span id="gmail-LC266" class="gmail-line" lang="c">        outptr += domains[i].len;</span>
<span id="gmail-LC267" class="gmail-line" lang="c">    }</span>
<span id="gmail-LC268" class="gmail-line" lang="c"></span>
<span id="gmail-LC269" class="gmail-line" lang="c">    if (outptr == result) {</span>
<span id="gmail-LC270" class="gmail-line" lang="c">        g_free(domains);</span>
<span id="gmail-LC271" class="gmail-line" lang="c">        g_free(result);</span>
<span id="gmail-LC272" class="gmail-line" lang="c">        return -1;</span>
<span id="gmail-LC273" class="gmail-line" lang="c">    }</span>
</pre></div><div><div>If we have 2 domains where the second one ends with "..", the string is not null-terminated, so it may cause memory corruption issues in later usage of this heap-allocated string.</div><div>I was not able to dive really deep into the issue since it was not in the scope of my research.<br></div><div>Note that we need 2 domains so we can bypass the later check and not return.</div></div><div><br></div><div>Cheers,</div><div>fuzzerakos<br> </div></div>
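Added illustration, not libslirp's code and not part of the message above: a defensively written search-list encoder in C that rejects empty labels (a trailing ".." or a leading "."), refuses to overrun its output buffer, and always writes the terminating zero byte, so a caller can never be handed an unterminated buffer. The label layout (a length byte followed by the label bytes, with a zero byte closing each name) follows RFC 1035; the function names, buffer sizes and sample names below are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Encode one dotted name ("example.com") into RFC 1035 label form:
 *   7 'e' 'x' 'a' 'm' 'p' 'l' 'e' 3 'c' 'o' 'm' 0
 * Returns the number of bytes written, or -1 if the name is malformed
 * (empty label such as "..", label longer than 63 bytes) or does not fit.
 * Hypothetical helper written for this example.
 */
static int encode_labels(const char *name, unsigned char *out, size_t outlen)
{
    size_t pos = 0;
    const char *p = name;

    if (name == NULL || *name == '\0')
        return -1;

    while (*p) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);

        /* An empty label means "..", a leading "." or similar: reject it. */
        if (len == 0 || len > 63)
            return -1;
        /* Leave room for this label's length byte and the closing zero byte. */
        if (pos + 1 + len >= outlen)
            return -1;

        out[pos++] = (unsigned char)len;
        memcpy(out + pos, p, len);
        pos += len;

        if (!dot)
            break;
        p = dot + 1;
        if (*p == '\0')          /* a single trailing dot ("example.com.") is fine */
            break;
    }
    if (pos >= outlen)
        return -1;
    out[pos++] = 0;              /* every encoded name is closed by a zero byte */
    return (int)pos;
}

/*
 * Encode a whole search list. On success returns 0 and stores the total
 * length in *used; on any malformed name or overflow returns -1 without
 * handing back a partially written, unterminated buffer.
 */
int encode_dnssearch(const char *const *names, size_t n,
                     unsigned char *out, size_t outlen, size_t *used)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        int w = encode_labels(names[i], out + pos, outlen - pos);
        if (w < 0) {
            memset(out, 0, outlen);   /* do not leak a half-built list */
            return -1;
        }
        pos += (size_t)w;
    }
    *used = pos;
    return 0;
}

/* Constructed sample inputs; the second list carries the ".." case. */
static const char *const kGoodNames[] = { "example.com", "test.org" };
static const char *const kBadNames[]  = { "example.com", "test.org.." };

/* Named probes so the behaviour can be checked without parsing output. */
int demo_good_len(void)
{
    unsigned char buf[64]; size_t used = 0;
    return encode_dnssearch(kGoodNames, 2, buf, sizeof buf, &used) == 0 ? (int)used : -1;
}
int demo_good_terminated(void)
{
    unsigned char buf[64]; size_t used = 0;
    if (encode_dnssearch(kGoodNames, 2, buf, sizeof buf, &used) != 0) return 0;
    return buf[0] == 7 && buf[used - 1] == 0;
}
int demo_bad_rc(void)
{
    unsigned char buf[64]; size_t used = 0;
    return encode_dnssearch(kBadNames, 2, buf, sizeof buf, &used);
}
int demo_small_buffer_rc(void)
{
    unsigned char buf[10]; size_t used = 0;   /* too small for "example.com" */
    return encode_dnssearch(kGoodNames, 1, buf, sizeof buf, &used);
}

int main(void)
{
    printf("good list: %d bytes, terminated=%d\n", demo_good_len(), demo_good_terminated());
    printf("list ending in '..': rc=%d\n", demo_bad_rc());
    printf("undersized buffer: rc=%d\n", demo_small_buffer_rc());
    return 0;
}
```

The point of the design is that validation and termination happen in the same place that writes the bytes: a name that would produce an empty label is rejected before anything is copied, and the zero byte that closes each name is counted against the buffer size up front, so the caller's later use of the buffer never depends on a terminator that was skipped.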