upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix Integer Overflow to Buffer Overflow in

Browse source 
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
This commit is contained in:
W.C.A. Wijngaards 2019-11-19 16:42:17 +01:00
parent 02080f6b18
commit a3545867fc
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -11,6 +11,8 @@
reported by X41 D-Sec. reported by X41 D-Sec.
- Fix Integer Overflows in Size Calculations, - Fix Integer Overflows in Size Calculations,
reported by X41 D-Sec. reported by X41 D-Sec.
- Fix Integer Overflow to Buffer Overflow in
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
18 November 2019: Wouter 18 November 2019: Wouter
- In unbound-host use separate variable for get_option to please - In unbound-host use separate variable for get_option to please

4
sldns/str2wire.c
View file

@ -150,6 +150,10 @@ int sldns_str2wire_dname_buf_origin(const char* str, uint8_t* buf, size_t* len,
if(s) return s; if(s) return s;
if(rel && origin && dlen > 0) { if(rel && origin && dlen > 0) {
if((unsigned)dlen >= 0x00ffffffU ||
(unsigned)origin_len >= 0x00ffffffU)
/* guard against integer overflow in addition */
return RET_ERR(LDNS_WIREPARSE_ERR_GENERAL, *len);
if(dlen + origin_len - 1 > LDNS_MAX_DOMAINLEN) if(dlen + origin_len - 1 > LDNS_MAX_DOMAINLEN)
return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW,
LDNS_MAX_DOMAINLEN); LDNS_MAX_DOMAINLEN);