summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Drysdale <drysdale@google.com>2017-05-22 09:54:10 (GMT)
committerJaehyun Kim <jeik01.kim@samsung.com>2019-02-07 13:11:32 (GMT)
commitbb88e0f7959fb46214ad49e3b70f0812c8770d8f (patch)
treec84635821d64e515873df3a955ea457d4d9d58b1
parent99c49e08750dc756c0c9634a6d12e0af81b9881c (diff)
downloadc-ares-tizen_4.0_tv.zip
c-ares-tizen_4.0_tv.tar.gz
c-ares-tizen_4.0_tv.tar.bz2
ares_parse_naptr_reply: check sufficient datatizen_4.0_tvrefs/changes/43/199243/1
Check that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. Bug: https://c-ares.haxx.se/adv_20170620.html Patch Link: https://c-ares.haxx.se/CVE-2017-1000381.patch Change-Id: I45f9d4916818b658bcec928f4bee2457ba2124b5 Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
-rw-r--r--ares_parse_naptr_reply.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/ares_parse_naptr_reply.c b/ares_parse_naptr_reply.c
index 0e37b02..6216ca7 100644
--- a/ares_parse_naptr_reply.c
+++ b/ares_parse_naptr_reply.c
@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
status = ARES_EBADRESP;
break;
}
+ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
+ if (rr_len < 7)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Check if we are really looking at a NAPTR record */
if (rr_class == C_IN && rr_type == T_NAPTR)
@@ -192,4 +198,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
return ARES_SUCCESS;
}
-