Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / efbbdf72992cd20458259962346044cafd9331c0
commitefbbdf72992cd20458259962346044cafd9331c0[log] [tgz]
authorRemi Gacogne <remi.gacogne@powerdns.com>Wed Dec 05 17:56:29 2018 +0100
committerWilly Tarreau <w@1wt.eu>Wed Dec 12 14:44:29 2018 +0100
tree8eb99af431453a26c1da8839ba1d9377287eba37
parent2d19fbcab21356f5aee1f2a52591a38665360bb6 [diff]
BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()

We need to make sure that the record length is not making us read
past the end of the data we received.
Before this patch we could for example read the 16 bytes
corresponding to an AAAA record from the non-initialized part of
the buffer, possibly accessing anything that was left on the stack,
or even past the end of the 8193-byte buffer, depending on the
value of accepted_payload_size.

To be backported to 1.8, probably also 1.7.
1 file changed
tree: 8eb99af431453a26c1da8839ba1d9377287eba37
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. reg-tests/
  7. scripts/
  8. src/
  9. tests/
  10. .gitignore
  11. CHANGELOG
  12. CONTRIBUTING
  13. LICENSE
  14. MAINTAINERS
  15. Makefile
  16. README
  17. ROADMAP
  18. SUBVERS
  19. VERDATE
  20. VERSION