|
 |
df3714 |
From 15d96206996bea969fbc918eb0a4a346f514b9f3 Mon Sep 17 00:00:00 2001
|
|
|
df3714 |
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
|
|
|
df3714 |
Date: Tue, 24 Sep 2019 16:50:27 +0200
|
|
|
df3714 |
Subject: [PATCH 1/2] * bugfix #70: heap Out-of-bound Read vulnerability in
|
|
|
df3714 |
rr_frm_str_internal reported by pokerfacett.
|
|
|
df3714 |
|
|
|
df3714 |
From 4e9861576a600a5ecfa16ec2de853c90dd9ce276 Mon Sep 17 00:00:00 2001
|
|
|
df3714 |
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
|
|
|
df3714 |
Date: Tue, 24 Sep 2019 16:51:09 +0200
|
|
|
df3714 |
Subject: [PATCH 2/2] Fix #70 fix code.
|
|
|
df3714 |
|
|
|
df3714 |
diff --git a/ldns-1.7.1/rr.c b/ldns-1.7.1/rr.c
|
|
|
df3714 |
index 6642aca7..adf67ae4 100644
|
|
|
df3714 |
--- a/ldns-1.7.1/rr.c
|
|
|
df3714 |
+++ b/ldns-1.7.1/rr.c
|
|
|
df3714 |
@@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
|
|
|
df3714 |
ldns_buffer_remaining(rd_buf) > 0){
|
|
|
df3714 |
|
|
|
df3714 |
/* skip spaces */
|
|
|
df3714 |
- while (*(ldns_buffer_current(rd_buf)) == ' ') {
|
|
|
df3714 |
+ while (ldns_buffer_remaining(rd_buf) > 0 &&
|
|
|
df3714 |
+ *(ldns_buffer_current(rd_buf)) == ' ') {
|
|
|
df3714 |
ldns_buffer_skip(rd_buf, 1);
|
|
|
df3714 |
}
|
|
|
df3714 |
|
|
|
df3714 |
- if (*(ldns_buffer_current(rd_buf)) == '\"') {
|
|
|
df3714 |
+ if (ldns_buffer_remaining(rd_buf) > 0 &&
|
|
|
df3714 |
+ *(ldns_buffer_current(rd_buf)) == '\"') {
|
|
|
df3714 |
delimiters = "\"\0";
|
|
|
df3714 |
ldns_buffer_skip(rd_buf, 1);
|
|
|
df3714 |
quoted = true;
|
|
|
df3714 |
- } else if (ldns_rr_descriptor_field_type(desc, r_cnt)
|
|
|
df3714 |
+ }
|
|
|
df3714 |
+ if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
|
|
|
df3714 |
== LDNS_RDF_TYPE_LONG_STR) {
|
|
|
df3714 |
|
|
|
df3714 |
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
|
|
|
df3714 |
--
|
|
|
df3714 |
2.34.1
|
|
|
df3714 |
|
|
|
df3714 |
|