While testing a PIC32 port for FreeRTOS+TCP, I’ve been using Zenmap (part of the Nmap suite) as a quick way of generating a lot of random flavoured packets quickly. After fixing my own code enough to create the illusion of stability, I discovered bad DNS packets can result in ‘bad things happening’. This is because the counted byte fields are not checked to see if they go out of bounds while parsing, which results in a GPF in extreme cases.
I have patched FreeRTOS_DNS.c to keep track of buffer remaining while parsing progresses. This has at least kept the microcontroller alive against a battery of tests for the last few days.
Are the code modifications useful to anyone, or is this bug report sufficient?
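A sketch of the kind of check the post describes, added here as an illustration: walking the length-prefixed labels of a DNS name while tracking how many bytes of the buffer remain. It is not the poster's patch or FreeRTOS+TCP code; the function names and sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_MAX_LABEL 63u    /* RFC 1035 limit on a single label */
#define DNS_PTR_BITS  0xC0u  /* top two bits set: compression pointer */

/* Hypothetical helper: returns the number of bytes the encoded name at
 * buf[0] occupies, or 0 if it is malformed or runs past 'remaining'. */
size_t dns_skip_name(const uint8_t *buf, size_t remaining)
{
    size_t used = 0;
    while (used < remaining) {
        uint8_t len = buf[used];
        if ((len & DNS_PTR_BITS) == DNS_PTR_BITS)  /* 2-byte pointer ends the name */
            return (remaining - used >= 2u) ? used + 2u : 0;
        if (len > DNS_MAX_LABEL)
            return 0;                 /* reserved 01/10 length prefixes */
        used++;                       /* consume the length byte */
        if (len == 0)
            return used;              /* root label terminates the name */
        if (len > remaining - used)
            return 0;                 /* label claims more than is left */
        used += len;
    }
    return 0;                         /* buffer ended before a terminator */
}

/* Hypothetical helper: a question is a name plus 2-byte type and class. */
size_t dns_skip_question(const uint8_t *buf, size_t remaining)
{
    size_t n = dns_skip_name(buf, remaining);
    return (n != 0 && remaining - n >= 4u) ? n + 4u : 0;
}

/* Constructed samples: "www.com" A/IN, an oversized label count, a pointer. */
static const uint8_t sample_ok[]  = {3,'w','w','w',3,'c','o','m',0, 0,1,0,1};
static const uint8_t sample_bad[] = {3,'w','w','w',40,'c','o','m'};
static const uint8_t sample_ptr[] = {3,'w','w','w',0xC0,0x0C};

int main(void)
{
    printf("ok=%zu bad=%zu ptr=%zu\n",
           dns_skip_question(sample_ok, sizeof sample_ok),
           dns_skip_name(sample_bad, sizeof sample_bad),
           dns_skip_name(sample_ptr, sizeof sample_ptr));
    return 0;
}
```

A return of 0 means the caller should drop the packet rather than continue parsing.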