commit | bc552102ad0ba14eaf83a93a5119f316fa6481f5 | |
---|---|---|
author | Remi Gacogne <remi.gacogne@powerdns.com> | Wed Dec 05 17:57:49 2018 +0100 |
committer | Willy Tarreau <w@1wt.eu> | Wed Dec 12 14:44:38 2018 +0100 |
tree | 0bdb99270107e7588497c87facd1505dd6b6fdfe | |
parent | efbbdf72992cd20458259962346044cafd9331c0 |

BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()

Since the data_len field of the dns_answer_item struct was an int16_t, record length values larger than 2^15-1 were causing an integer overflow and thus may have been interpreted as negative, making us read well before the beginning of the buffer. This might have led to information disclosure or a crash.

To be backported to 1.8, probably also 1.7.
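
The signedness error described in the commit message, as an added example that is not HAProxy code and not part of the commit: a 16-bit wire length stored in an `int16_t` passes a simplified bounds check and yields a negative offset, while the same check with an unsigned length rejects it. The function names, the shape of the bounds check, the unsigned variant and the sample bytes are assumptions made for illustration; only `data_len` and its `int16_t` type come from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read the big-endian 16-bit record length as it appears on the wire. */
static uint16_t read_be16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Signed variant: data_len is int16_t, as the commit message describes.
 * The bounds check is a hypothetical one, not HAProxy's. Returns 1 if the
 * record is accepted and stores the resulting read offset in *next. */
int accept_signed(const unsigned char *rdlen, long pos, long buflen, long *next)
{
    /* Values 0x8000..0xFFFF wrap to negative on two's-complement targets. */
    int16_t data_len = (int16_t)read_be16(rdlen);

    if (pos + data_len > buflen)
        return 0;
    *next = pos + data_len; /* negative means before the buffer start */
    return 1;
}

/* Unsigned variant (assumed correction): the length can never be negative,
 * so anything that does not fit in the remaining bytes is rejected. */
int accept_unsigned(const unsigned char *rdlen, long pos, long buflen, long *next)
{
    uint16_t data_len = read_be16(rdlen);

    if (pos < 0 || pos > buflen || data_len > buflen - pos)
        return 0;
    *next = pos + data_len;
    return 1;
}

int main(void)
{
    const unsigned char wire[2] = { 0xFF, 0xF0 }; /* constructed length 65520 */
    long next = 0;
    int ok;

    ok = accept_signed(wire, 12, 64, &next);
    printf("signed:   accepted=%d next=%ld\n", ok, next);
    ok = accept_unsigned(wire, 12, 64, &next);
    printf("unsigned: accepted=%d\n", ok);
    return 0;
}
```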