summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Drysdale <drysdale@google.com>2017-05-22 10:54:10 +0100
committerNishant Chaprana <n.chaprana@samsung.com>2019-01-28 08:59:44 +0530
commitf5ca34c39b5fb01031e93619b573907cc46b1a4a (patch)
treec84635821d64e515873df3a955ea457d4d9d58b1
parent5bcd3658f45d71808854d4425a1f466780d70bf9 (diff)
downloadc-ares-accepted/tizen_6.0_base_hotfix.tar.gz
c-ares-accepted/tizen_6.0_base_hotfix.tar.bz2
c-ares-accepted/tizen_6.0_base_hotfix.zip
Check that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. Bug: https://c-ares.haxx.se/adv_20170620.html Patch Link: https://c-ares.haxx.se/CVE-2017-1000381.patch Change-Id: I16056280817af5cd7a62ddc366280c73391cbc6a Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
-rw-r--r--ares_parse_naptr_reply.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/ares_parse_naptr_reply.c b/ares_parse_naptr_reply.c
index 0e37b02..6216ca7 100644
--- a/ares_parse_naptr_reply.c
+++ b/ares_parse_naptr_reply.c
@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
status = ARES_EBADRESP;
break;
}
+ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
+ if (rr_len < 7)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Check if we are really looking at a NAPTR record */
if (rr_class == C_IN && rr_type == T_NAPTR)
@@ -192,4 +198,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
return ARES_SUCCESS;
}
-