From 5dbe640ec577c4423130f5f48949ad7ea51a53e6 Mon Sep 17 00:00:00 2001 From: Anime4000 Date: Sun, 17 Apr 2016 23:24:34 +0900 Subject: [PATCH 1/3] mingw don't use arpa/inet.h (#2) don't use arpa/inet.h in mingw --- src/iodine.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/iodine.c b/src/iodine.c index 1e95f00..3b79c9c 100644 --- a/src/iodine.c +++ b/src/iodine.c @@ -27,7 +27,6 @@ #include #include #include -#include #ifdef WINDOWS32 #include "windows.h" @@ -36,6 +35,7 @@ #include #include #include +#include #endif #include "common.h" From 4c2f9bf4b7b164119b6a4f4e073c1f4599103d9a Mon Sep 17 00:00:00 2001 From: WGH Date: Wed, 3 Aug 2016 01:12:24 +0300 Subject: [PATCH 2/3] fixed buffer overflow in handle_null_request() --- src/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server.c b/src/server.c index d5ec1bc..b8100f4 100644 --- a/src/server.c +++ b/src/server.c @@ -1854,7 +1854,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len) { char cmd, userchar; int userid = -1; - uint8_t in[QUERY_NAME_SIZE]; + uint8_t in[QUERY_NAME_SIZE + 1]; /* Everything here needs at least 5 chars in the name: * cmd, userid and more data or at least 3 bytes CMC */ From 93cf0e67ba9fbf1ff50a746effd3d809ab56fd45 Mon Sep 17 00:00:00 2001 From: WGH Date: Wed, 3 Aug 2016 01:15:06 +0300 Subject: [PATCH 3/3] fixed buffer overflow and use of uninitialized memory in handle_dns_login --- src/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server.c b/src/server.c index b8100f4..80c08ae 100644 --- a/src/server.c +++ b/src/server.c @@ -1532,7 +1532,7 @@ handle_dns_login(int dns_fd, struct query *q, uint8_t *domain, int domain_len, i tcp_forward_error: DEBUG(1, "Failed to connect TCP forward for user %d: %s", userid, errormsg); out[0] = 'E'; - strncat(out + 1, errormsg, sizeof(out) - 1); + strncpy(out + 1, errormsg, sizeof(out) - 1); read = strlen(out); write_dns(dns_fd, q, out, read + 1, u->downenc); }