Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / bc552102ad0ba14eaf83a93a5119f316fa6481f5
commitbc552102ad0ba14eaf83a93a5119f316fa6481f5[log] [tgz]
authorRemi Gacogne <remi.gacogne@powerdns.com>Wed Dec 05 17:57:49 2018 +0100
committerWilly Tarreau <w@1wt.eu>Wed Dec 12 14:44:38 2018 +0100
tree0bdb99270107e7588497c87facd1505dd6b6fdfe
parentefbbdf72992cd20458259962346044cafd9331c0 [diff]
BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()

Since the data_len field of the dns_answer_item struct was an int16_t,
record length values larger than 2^15-1 were causing an integer
overflow and thus may have been interpreted as negative, making us
read well before the beginning of the buffer.
This might have led to information disclosure or a crash.

To be backported to 1.8, probably also 1.7.
1 file changed
tree: 0bdb99270107e7588497c87facd1505dd6b6fdfe
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. reg-tests/
  7. scripts/
  8. src/
  9. tests/
  10. .gitignore
  11. CHANGELOG
  12. CONTRIBUTING
  13. LICENSE
  14. MAINTAINERS
  15. Makefile
  16. README
  17. ROADMAP
  18. SUBVERS
  19. VERDATE
  20. VERSION