From ec0051a56921e973bdaabd55b7d2d9252be15a69 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Wed, 2 Mar 2016 17:29:17 -0800 Subject: [PATCH] Don't allocate a new address buffer if we receive multiple responses The current logic in the DNS resolution code allocates an address buffer based on the number of addresses in the response packet. If we receive multiple response packets in response to a single query packet, this means that we will reallocate a new buffer large enough for only the addresses in that specific packet, discarding any previous results in the process. Worse, we still keep track of the *total* number of addresses resolved in response to this query, not merely the number in the packet being currently processed. Use realloc() rather than malloc() to avoid overwriting the existing data, and allocate a buffer large enough for the total set of addresses rather than merely the number in this specific response. --- grub-core/net/dns.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c index 89741dd7d..35942d6b8 100644 --- a/grub-core/net/dns.c +++ b/grub-core/net/dns.c @@ -276,8 +276,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), ptr++; ptr += 4; } - *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) - * grub_be_to_cpu16 (head->ancount)); + *data->addresses = grub_realloc (*data->addresses, sizeof ((*data->addresses)[0]) + * (grub_be_to_cpu16 (head->ancount) + *data->naddresses)); if (!*data->addresses) { grub_errno = GRUB_ERR_NONE;
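Review bot: On the added grub_realloc line, the result is assigned straight back to *data->addresses, so a failed reallocation leaks the old buffer and leaves the pointer NULL while *data->naddresses still counts the earlier results; the visible error branch under if (!*data->addresses) only resets grub_errno. Suggest reallocating into a temporary and storing it in *data->addresses only on success, and on failure either keeping the existing buffer and count or resetting *data->naddresses along with the pointer. The size expression sizeof ((*data->addresses)[0]) * (grub_be_to_cpu16 (head->ancount) + *data->naddresses) is also unchecked: ancount is taken from the response packet and the sum now grows with each additional response, so an overflow check on the addition and multiplication before the call would be worth adding. Separately, grub_realloc depends on *data->addresses being NULL or a valid allocation when the first response arrives; that initialisation is not visible in this hunk and should be confirmed in the caller.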