rpms / ldns

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9
  2.   SOURCES
  3.   ldns-1.7.1-out-of-boud-read-vuln.patch
Blob Blame History Raw 
From 15d96206996bea969fbc918eb0a4a346f514b9f3 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 24 Sep 2019 16:50:27 +0200
Subject: [PATCH 1/2] * bugfix #70: heap Out-of-bound Read vulnerability in  
rr_frm_str_internal reported by pokerfacett.

From 4e9861576a600a5ecfa16ec2de853c90dd9ce276 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 24 Sep 2019 16:51:09 +0200
Subject: [PATCH 2/2] Fix #70 fix code.

diff --git a/ldns-1.7.1/rr.c b/ldns-1.7.1/rr.c
index 6642aca7..adf67ae4 100644
--- a/ldns-1.7.1/rr.c
+++ b/ldns-1.7.1/rr.c
@@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
 				ldns_buffer_remaining(rd_buf) > 0){
 
 			/* skip spaces */
-			while (*(ldns_buffer_current(rd_buf)) == ' ') {
+			while (ldns_buffer_remaining(rd_buf) > 0 &&
+				*(ldns_buffer_current(rd_buf)) == ' ') {
 				ldns_buffer_skip(rd_buf, 1);
 			}
 
-			if (*(ldns_buffer_current(rd_buf)) == '\"') {
+			if (ldns_buffer_remaining(rd_buf) > 0 &&
+				*(ldns_buffer_current(rd_buf)) == '\"') {
 				delimiters = "\"\0";
 				ldns_buffer_skip(rd_buf, 1);
 				quoted = true;
-			} else if (ldns_rr_descriptor_field_type(desc, r_cnt)
+			}
+			if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
 					== LDNS_RDF_TYPE_LONG_STR) {
 
 				status = LDNS_STATUS_SYNTAX_RDATA_ERR;
-- 
2.34.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation