upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-21 06:02:55 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix out of bounds read in parse_edns_options_from_query, it would read

Browse source 
8 bytes after a client option of length 8, and then ignore them to
  recreate a 24 byte response. The fixup does not read out of bounds,
  and puts zeroes in the buffer at that point, that then are ignored.
This commit is contained in:
W.C.A. Wijngaards 2023-08-16 16:58:49 +02:00
parent b1c707e551
commit 1c85901cc4
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
util/data/msgparse.c
View file

@ -1049,7 +1049,12 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len,
/* Copy client cookie, version and timestamp for
* validation and creation purposes.
*/
memmove(server_cookie, rdata_ptr, 16);
if(opt_len >= 16) {
memmove(server_cookie, rdata_ptr, 16);
} else {
memset(server_cookie, 0, 16);
memmove(server_cookie, rdata_ptr, opt_len);
}
/* Copy client ip for validation and creation
* purposes. It will be overwritten if (re)creation