Malformed DNS packets crash FreeRTOS+TCP

jjr-simiatec wrote on Friday, October 07, 2016:

While testing a PIC32 port for FreeRTOS+TCP, I’ve been using Zenmap (part of the Nmap suite) as a quick way of generating a lot of random flavoured packets quickly. After fixing my own code enough to create the illusion of stability, I discovered bad DNS packets can result in ‘bad things happening’. This is because the counted byte fields are not checked to see if they go out of bounds while parsing which results in a GPF in extreme cases.

I have patched FreeRTOS_DNS.c to keep track of buffer remaining while parsing progresses. This has at least kept the microcontroller alive against a battery of tests for the last few days.

Are the code modifications useful to anyone, or is this bug report sufficient?


rtel wrote on Friday, October 07, 2016:

Hi John, thanks for taking the time to report this. I would be grateful
if you could attached the patched file to a post so we can investigate

jjr-simiatec wrote on Thursday, October 20, 2016:

Apologies for the delay. Please find attached the modified file.

heinbali01 wrote on Friday, October 21, 2016:

Thanks John. I will check your extra checks on de DNS packets :slight_smile: