Skip to content

MDNS is not safe against malformed or short packets #45

Open
Open
MDNS is not safe against malformed or short packets#45
Labels
topic: codeRelated to content of the project itselftype: imperfectionPerceived defect in any part of project
@matthewgream

Description

@matthewgream
matthewgream
opened on Oct 22, 2024

The buffer is allocated according to the size of the packet:

ArduinoMDNS/MDNS.cpp

Line 532 in 00ed2b6

udpBuffer = (uint8_t*) my_malloc(udp_len); //allocate memory to hold _remaining UDP packet

  • but buffer is accessed based upon apparently number of queries in the packet header
  • and butter is accessed and offsets are increased without ensuring that end of buffer is not overrun
  • therefore, trivial ability to denial of service ArduinoMDNS devices with malformed UDP packets causing illegal instruction accesses

Metadata

Metadata

Assignees

No one assigned

    Labels

    topic: codeRelated to content of the project itselftype: imperfectionPerceived defect in any part of project

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions