authorSeonah Moon <seonah1.moon@samsung.com>2023-02-20 13:59:20 +0900
committerseonah moon <seonah1.moon@samsung.com>2023-02-20 07:34:39 +0000
commit69d5f318491054e9d38d44f2baa01e1cba619e7b (patch)
tree2ec3ae5548a53649bb01fffa778afaf80afd9028
parent99c991f31d46e6beac2a48e99cbd4c3064f27d75 (diff)
[CVE-2020-8625] Fix off-by-one bug in ISC SPNEGO implementation
See merge request isc-private/bind9!235 https://kb.isc.org/v1/docs/cve-2020-8625 Change-Id: Ic341e6aa2d32084c7c50f53dff9e70a219b5ddd6
-rw-r--r--CHANGES3
-rw-r--r--lib/dns/spnego.c4
2 files changed, 5 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 47fe6de9..955fe4f2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
+ (CVE-2020-8625) [GL #2354]
+
5479. [security] named could crash in certain query resolution scenarios
where QNAME minimization and forwarding were both
enabled. (CVE-2020-8621) [GL #1997]
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index 0e84f315..fc7120c8 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -83,7 +83,7 @@
*
* ----------------------------------------------------------------
*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H?gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
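Review bot: The replacement copyright line turns the `ö` in `Högskolan` into a literal `?`, which alters the copyright holder's name in a licence notice and is unrelated to the SPNEGO fix. This looks like an encoding conversion applied when the patch was imported, so the hunk should be dropped and the original line `* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan` kept, with the file stored as UTF-8. Limiting a security backport to the functional change also makes it easier to compare against the upstream patch.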
@@ -876,7 +876,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
return (ASN1_OVERRUN);
}
- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
if (data->components == NULL) {
return (ENOMEM);
}
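Review bot: The `+ 1` in the new `malloc` call has no comment saying why one extra element is needed, so a later cleanup could remove it and reintroduce the off-by-one that CVE-2020-8625 describes. In DER the first content octet of an OID encodes two arcs, so `len` octets can decode to as many as `len + 1` components; a comment such as `/* the first octet yields two components, so up to len + 1 entries are written */` above the allocation would record that. The loop that fills `data->components` lies outside this hunk, so the bound should be confirmed against it. Separately, `(len + 1) * sizeof(*data->components)` is unchecked arithmetic on a caller-supplied length; `calloc(len + 1, sizeof(*data->components))` would at least cover the multiplication, assuming `len` is already bounded by the real buffer size.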