From 2e606e5823d06aece9a0d4719e07ce3b28ebeadc Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@meshlink.io>
Date: Sat, 9 Aug 2014 10:00:05 +0200
Subject: [PATCH] Fix buffer overflow in meshlink_hint_address().

---
 src/meshlink.c | 38 ++++++++++----------------------------
 src/meshlink.h |  2 +-
 src/utils.c    | 48 ------------------------------------------------
 src/utils.h    |  3 ---
 4 files changed, 11 insertions(+), 80 deletions(-)

diff --git a/src/meshlink.c b/src/meshlink.c
index 79db920b..6e2ca709 100644
--- a/src/meshlink.c
+++ b/src/meshlink.c
@@ -1677,39 +1677,21 @@ void meshlink_whitelist(meshlink_handle_t *mesh, meshlink_node_t *node) {
 /* Hint that a hostname may be found at an address
  * See header file for detailed comment.
  */
-extern void meshlink_hint_address(meshlink_handle_t *mesh, meshlink_node_t *node, struct sockaddr *addr) {
+extern void meshlink_hint_address(meshlink_handle_t *mesh, meshlink_node_t *node, const struct sockaddr *addr) {
 	if(!mesh || !node || !addr)
 		return;
 	
-	char *addr_str = malloc(MAX_ADDRESS_LENGTH*sizeof(char));
-	memset(addr_str, 0, MAX_ADDRESS_LENGTH*sizeof(char));
+	char *host = NULL, *port = NULL, *str = NULL;
+	sockaddr2str((const sockaddr_t *)addr, &host, &port);
 
-	char *port_str = malloc(MAX_PORT_LENGTH*sizeof(char));
-	memset(port_str, 0, MAX_PORT_LENGTH*sizeof(char));
-	
-	// extra byte for a space, and one to make sure string is null-terminated
-	int full_addr_len = MAX_ADDRESS_LENGTH + MAX_PORT_LENGTH + 2;
-
-	char *full_addr_str = malloc(full_addr_len*sizeof(char));
-	memset(full_addr_str, 0, full_addr_len*sizeof(char));
-	
-	// get address and port number
-	if(!get_ip_str(addr, addr_str, MAX_ADDRESS_LENGTH))
-		goto fail;
-	if(!get_port_str(addr, port_str, MAX_ADDRESS_LENGTH))
-		goto fail;
-
-	// append_config_file expects an address, a space, and then a port number
-	strcat(full_addr_str, addr_str);
-	strcat(full_addr_str, " ");
-	strcat(full_addr_str, port_str);
-	
-	append_config_file(mesh, node->name, "Address", full_addr_str);
+	if(host && port) {
+		xasprintf(&str, "%s %s", host, port);
+		append_config_file(mesh, node->name, "Address", str);
+	}
 
-fail:
-	free(addr_str);
-	free(port_str);
-	free(full_addr_str);
+	free(str);
+	free(host);
+	free(port);
 
 	// @TODO do we want to fire off a connection attempt right away?
 }
diff --git a/src/meshlink.h b/src/meshlink.h
index 96fb8d6e..c80cd228 100644
--- a/src/meshlink.h
+++ b/src/meshlink.h
@@ -589,7 +589,7 @@ extern ssize_t meshlink_channel_send(meshlink_handle_t *mesh, meshlink_channel_t
  *  			given hostname. The caller is free to overwrite or free
  *  			this memory once meshlink returns.
  */
-extern void meshlink_hint_address(meshlink_handle_t *mesh, meshlink_node_t *node, struct sockaddr *addr);
+extern void meshlink_hint_address(meshlink_handle_t *mesh, meshlink_node_t *node, const struct sockaddr *addr);
 
 #ifdef __cplusplus
 }
diff --git a/src/utils.c b/src/utils.c
index 0f7b00cc..e45e5942 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -178,51 +178,3 @@ unsigned int bitfield_to_int(const void *bitfield, size_t size) {
 	memcpy(&value, bitfield, size);
 	return value;
 }
-
-/* Write IP address from sockaddr to string.
- * Returns NULL on error.
- */
-char *get_ip_str(const struct sockaddr *sa, char *s, size_t maxlen)
-{
-	switch(sa->sa_family) {
-		case AF_INET:
-			inet_ntop(AF_INET, &(((struct sockaddr_in *)sa)->sin_addr),
-				s, maxlen);
-			break;
-
-		case AF_INET6:
-			inet_ntop(AF_INET6, &(((struct sockaddr_in6 *)sa)->sin6_addr),
-				s, maxlen);
-			break;
-
-		default:
-			strncpy(s, "Unknown AF", maxlen);
-			return NULL;
-	}
-
-	return s;
-}
-
-/* Write port from sockaddr to string.
- * Returns NULL on error.
- */
-char *get_port_str(const struct sockaddr *sa, char *s, size_t maxlen)
-{
-	switch(sa->sa_family) {
-		case AF_INET:
-			snprintf(s, maxlen, "%d",
-				ntohs(((struct sockaddr_in*)sa)->sin_port));
-			break;
-
-		case AF_INET6:
-			snprintf(s, maxlen, "%d",
-				ntohs(((struct sockaddr_in6*)sa)->sin6_port));
-			break;
-
-		default:
-			strncpy(s, "Unknown AF", maxlen);
-			return NULL;
-	}
-
-	return s;
-}
diff --git a/src/utils.h b/src/utils.h
index c0b677fc..1ea1026a 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -47,7 +47,4 @@ extern const char *winerror(int);
 
 extern unsigned int bitfield_to_int(const void *bitfield, size_t size);
 
-extern char *get_ip_str(const struct sockaddr *sa, char *s, size_t maxlen);
-extern char *get_port_str(const struct sockaddr *sa, char *s, size_t maxlen);
-
 #endif /* __MESHLINK_UTILS_H__ */
-- 
2.39.2