BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
A regression was introduced with efbbdf72 BUG: dns: Prevent out-of-bounds
read in dns_validate_dns_response() as it prevented the last byte of the
payload from being taken into account. This patch aims at fixing it.
This must be backported in 1.8.
diff --git a/src/dns.c b/src/dns.c
index c1396f5..78d8f52 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -810,7 +810,7 @@
/* Move forward 2 bytes for data len */
reader += 2;
- if (reader + dns_answer_record->data_len >= bufend) {
+ if (reader + dns_answer_record->data_len > bufend) {
pool_free(dns_answer_item_pool, dns_answer_record);
return DNS_RESP_INVALID;
}
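Review bot: the new comparison on the `if (reader + dns_answer_record->data_len > bufend)` line is only correct if `bufend` points one past the last payload byte, and nothing in the hunk states that convention, so a short comment saying so would help prevent the boundary from being flipped again. The check also forms `reader + data_len` before comparing; since `data_len` comes from the response, that pointer can land beyond the end of the buffer, which C leaves undefined. Comparing lengths instead, for example `dns_answer_record->data_len > bufend - reader`, avoids this, provided `reader <= bufend` still holds after the `reader += 2` just above, which the hunk does not show being checked. A regression test with a record whose data ends exactly at the end of the payload would cover both this fix and the original out-of-bounds case.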