
in dns parsing callback, enforce MAXADDRS to preclude overflow

MAXADDRS was chosen not to need enforcement, but the logic used to
compute it assumes the answers received match the RR types of the
queries. specifically, it assumes that only one reply contains A
record answers. if the replies to both the A and the AAAA query have
their answer sections filled with A records, MAXADDRS can be exceeded
and clobber the stack of the calling function.

this bug was found and reported by Felix Wilhelm.
Rich Felker 7 years ago
parent
commit
45ca5d3fcb
1 changed file with 1 addition and 0 deletions

+ 1 - 0
src/network/lookup_name.c

@@ -111,6 +111,7 @@ static int dns_parse_callback(void *c, int rr, const void *data, int len, const
 {
 	char tmp[256];
 	struct dpc_ctx *ctx = c;
+	if (ctx->cnt >= MAXADDRS) return -1;
 	switch (rr) {
 	case RR_A:
 		if (len != 4) return -1;
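
Review bot: the new bound check on `ctx->cnt` sits above `switch (rr)`, so once MAXADDRS entries are stored it returns -1 for every record type, and -1 is also what the RR_A case returns for a malformed record (`len != 4`). If the caller treats -1 as a parse failure, a reply that merely carries more answers than fit becomes indistinguishable from a corrupt one; consider returning a distinct value (or 0 to silently ignore the surplus) and applying the check only in the cases that actually store an address. A one-line comment noting that MAXADDRS has to be enforced here because the answers may not match the queried RR type would also keep the check from later being removed as redundant.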